After breaking into a system, attackers usually install rootkits to create secret backdoors and cover their tracks. Despite what the name implies, rootkits don't provide root access. Instead, they arm attackers with stealth on already compromised systems: they hide processes, files, and network connections so that an attacker can sustain long-term access without alerting system administrators. (See the "Rootkit 101" sidebar for more details on rootkits.) Fortunately, most rootkits make little effort to conceal the contents of their binaries. This lets administrators with access to the binary, or to kernel memory, extract its strings and symbols, look for suspicious ones, and determine what attackers are doing to their systems. Unfortunately, attackers can defeat this analysis with code-obfuscation techniques that make kernel rootkits hard to detect and analyze. Merely looking at the symbol table and text segment, which hold a program's function names, variable names, and string constants, provides valuable insight into rootkits (and even nonmalicious programs) that do not employ obfuscation. In this article, we show how software developers can use the same obfuscation techniques to fight attackers who reverse-engineer or illegally distribute commercial software.
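To make the two sides of this argument concrete, the following C program (an added example, not code from the article or from any real rootkit) pairs a strings(1)-style scanner of the kind an administrator would run over a suspected module with a build-time XOR encoding of the module's strings that defeats it. The strings ("hide_process", "sys_call_table", "/dev/.hidden"), the key bytes, and the function names are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_RUN 4  /* strings(1) also reports runs of 4 or more by default */

/* Constructed stand-ins for the kind of strings an analyst greps for in a
 * suspected rootkit module; not taken from any real rootkit. */
static const char *const SECRETS[] = {
    "hide_process", "sys_call_table", "/dev/.hidden",
};
#define NSECRETS (sizeof SECRETS / sizeof SECRETS[0])

/* Rolling XOR key (constructed). Two of the four bytes have the high bit set,
 * so every 4-byte window of ciphertext contains non-ASCII bytes and no
 * printable run of length MIN_RUN can survive a strings(1)-style scan. */
static const uint8_t KEY[] = { 0xA5, 0x3C, 0xC3, 0x5A };

/* Approximation of strings(1): count runs of >= MIN_RUN printable ASCII bytes. */
static size_t printable_runs(const uint8_t *buf, size_t len)
{
    size_t runs = 0, cur = 0;
    for (size_t i = 0; i <= len; i++) {
        int printable = (i < len) && buf[i] >= 0x20 && buf[i] <= 0x7e;
        if (printable) {
            cur++;
        } else {
            if (cur >= MIN_RUN) runs++;
            cur = 0;
        }
    }
    return runs;
}

/* Does `needle` appear in the clear anywhere in the region? */
static int contains_clear(const uint8_t *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0 || n > len) return 0;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

/* XOR byte i with KEY[i % 4]. Applying it twice restores the original, so the
 * same routine encodes at build time and decodes at run time. */
static void xor_rolling(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) buf[i] ^= KEY[i % sizeof KEY];
}

/* Simulates the build step: pack the secrets (NUL-terminated so the decoder can
 * split them) into one blob and encode it. In a real build only the encoded
 * blob and the decoder would be compiled into the module; in this demo the
 * plaintext literals are still present because the same binary builds the blob.
 * Returns the blob length, or 0 if it does not fit. */
static size_t build_blob(uint8_t *out, size_t cap)
{
    size_t off = 0;
    for (size_t i = 0; i < NSECRETS; i++) {
        size_t n = strlen(SECRETS[i]) + 1;
        if (off + n > cap) return 0;
        memcpy(out + off, SECRETS[i], n);
        off += n;
    }
    xor_rolling(out, off);
    return off;
}

/* Scrub plaintext once it is no longer needed; the volatile pointer keeps the
 * compiler from removing the stores as dead code. */
static void wipe(uint8_t *buf, size_t len)
{
    volatile uint8_t *p = buf;
    while (len--) *p++ = 0;
}

struct demo_result {
    size_t blob_len;
    size_t runs_encoded, runs_decoded;
    int clear_encoded, clear_decoded;
};

/* Run the analyst's checks against the blob before and after decoding. */
static struct demo_result run_demo(void)
{
    uint8_t blob[128];
    struct demo_result r;

    r.blob_len = build_blob(blob, sizeof blob);
    r.runs_encoded = printable_runs(blob, r.blob_len);
    r.clear_encoded = contains_clear(blob, r.blob_len, "hide_process");

    xor_rolling(blob, r.blob_len);            /* run-time decode */
    r.runs_decoded = printable_runs(blob, r.blob_len);
    r.clear_decoded = contains_clear(blob, r.blob_len, "hide_process");

    wipe(blob, r.blob_len);                   /* shorten the plaintext's lifetime */
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("blob: %zu bytes\n", r.blob_len);
    printf("encoded: %zu printable runs, hide_process visible: %s\n",
           r.runs_encoded, r.clear_encoded ? "yes" : "no");
    printf("decoded: %zu printable runs, hide_process visible: %s\n",
           r.runs_decoded, r.clear_decoded ? "yes" : "no");
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, the key choice matters: a single-byte XOR of ASCII text yields mostly printable junk that a strings(1) scan still lists, which is itself a tell; the high-bit key bytes here guarantee that no printable run reaches the scanner's minimum length. Second, this only defeats static inspection of the image: the decoder and key ship inside the binary, and an administrator who dumps kernel memory after the module has decoded its strings sees them in the clear, which is why the example decodes on demand and wipes the buffer immediately afterwards.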