Research that matters – kernel malware and why we should worry about it

February 28th, 2007

The kernel is the heart of an operating system such as Windows. As we all know, code executing in kernel mode has full access to all memory, including

– the kernel itself,
– all CPU instructions, and
– all hardware.

Based on the above it is clear that only the most trusted software should be allowed to run in kernel mode.

At AVAR 2006 in Auckland (2006-12-02 – 12-05) a paper was presented that gives a brief overview of kernel malware, followed by a detailed analysis of kernel malware and case studies. If you ever wonder how kernel rootkits and other kernel-level malware work, this is a good paper to read.

This paper by Kimmo Kasslin provides a brief overview of kernel malware and then gets into more depth analysing the issues and providing some case material.

It is really quite helpful in explaining kernel rootkit-type malware and other kernel-level malware, and in outlining how it works in practice.

Kasslin, Kimmo (December 2005). "Kernel malware: The enemy from within." Paper presented at the AVAR 2006 conference, Auckland, New Zealand.
