CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
spacer spacer
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin   Your Favorite ForumsSelect FavForums 

F-secure study: Kernel-mode rootkit trends since 2004

 
Post new topic   Reply to topic       All -> FavForums -> Rootkit Revelations [del.icio.us!] [digg it!] [reddit!]
View previous topic :: View next topic  
Author Message
AplusWebMaster

General
General


Joined: Mar 14, 2004
Posts: 4828
Location: USA
PostPosted: Thu Feb 22, 2007 1:17 pm    Post subject: F-secure study: Kernel-mode rootkit trends since 2004
Reply with quote

FYI...

- http://www.f-secure.com/weblog/archives/archive-022007.html#00001118
February 22, 2007 ~ "...The trend has changed dramatically at the end of the year 2004. This is mostly explained by the increased number of malware starting to use kernel-mode rootkits to hide their presence on the compromised system. Today, kernel-mode rootkits are much more common than their user-mode counterparts. There are many reasons for this. Kernel-mode rootkits are more powerful thus they are able to hide better. Documentation with examples and fully working source code is easily available – there are even books available that explain in detail how to write your own kernel-mode rootkit. Implementing a full-flexed user-mode rootkit is a complex task. It seems that for malware authors, it is much easier just to upgrade their user-mode malware with a cut-and-paste kernel-mode rootkit..."

(Graphs and PDF info links available at the URL above.)

Shocked


_________________
AplusWebMaster
~ Are you up to date or vulnerable to Hackers? ...or both?
.
Back to top
View users profile Send private message Visit posters website
Prince_Serendip

Site Moderator


Joined: Sep 07, 2002
Posts: 17542

1st Responders MIRT Moderators MVP Premium RootKit Detection Hosts Rootkit Experts Rootkit Responders

PostPosted: Fri Feb 23, 2007 3:39 am    Post subject:
Reply with quote

Easy is better for brain-dead blackhats. Rolling Eyes
That can also be their undoing.

Thanks for sharing this info. Thumbs Up


_________________
image
Microsoft MVP Consumer Security 2006, 2007 & 2008
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   Reply to topic       All -> FavForums -> Rootkit Revelations All times are GMT
Page 1 of 1

 
Quick Reply:
Username: 

Quote the last message
Attach signature (signatures can be changed in profile)
 
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001 phpBB Group
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
136ppm 0.269s (0.044s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer