Stop Rootkit Attacks and Protect Your Kernel 'Hooks'!

Posted: November 5, 2009

Malicious software, commonly called malware (and often, loosely, "computer viruses"), has been a serious problem for computer users for several years. A successfully deployed rootkit can help cyber criminals crash computer systems, steal personal information, and even steal money.

A 'rootkit' is one of the stealthiest types of malware: it hides the presence of other spyware or viruses from the user, which lets third parties steal information from a computer without the owner's knowledge.

Rootkits are one of the most vicious forms of malware because they are usually hard to detect or remove. This type of malware often evades anti-malware software and can make other programs invisible not only to anti-virus software but also to the computer user. Moreover, even once such a parasite is found, it can still be difficult to eliminate completely. So, is there any way to block rootkits and prevent them from compromising a computer system?

Exciting news has arrived from researchers at North Carolina State University and Microsoft Research, who have found a way to fight rootkits using the PC's own hardware-based memory protection. The tool is called HookSafe, and it protects the operating system kernel from rootkits. The HookSafe prototype is a hypervisor-based system that is able to protect about 6,000 distinct kernel hooks and has successfully blocked nine distinct rootkits. Its key idea is to relocate a large number of kernel hooks to a centralized location, which makes the hooks easier to control and harder to tamper with.

Typically, a rootkit hijacks a 'hook' in the operating system (control data in the kernel that is used to add or extend OS features) in order to hide within the OS. This lets the rootkit intercept and manipulate the system's data, revealing to the user only what it wants them to see. Dr. Xuxian Jiang, assistant professor of computer science at NC State and a co-author of the research report, said that attackers can use rootkits to install and hide spyware or other software. If a computer is infected by a rootkit, everything may look normal when the user boots the PC, but sadly the system is no longer owned by the user; it is owned by the attacker.

To protect an operating system against the insertion of a rootkit, Jiang and his fellow researchers found that all of the operating system's hooks need to be defended. Their research led to a new method that secures all the hooks effectively: the hooks are moved to a centralized place, which makes them easier to manage and harder to subvert. With all the hooks in one place, the scientists could then apply hardware-based memory protection to keep them from being hijacked.
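The two steps described above (gather the hooks onto one region, then lock that region with hardware memory protection) can be illustrated in user space. The following is an added example and not HookSafe's own code: it models the hook table as one mmap'd page, uses mprotect as the stand-in for the hypervisor's page protection, and shows that an unmediated write to a hook faults while a mediated update succeeds. All handler names and the single-entry table are constructed for the illustration.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*hook_fn)(int);
static int legit_handler(int x)    { return x + 1; } /* constructed stand-in for a kernel handler   */
static int legit_handler_v2(int x) { return x + 2; } /* constructed legitimate replacement handler   */
static int tampered_handler(int x) { return -x; }    /* constructed stand-in for a hijacked handler  */

static volatile hook_fn *hook_page;   /* centralized hook table on its own page (analogue) */
static size_t page_size;
static sigjmp_buf trap_env;
static volatile sig_atomic_t write_trapped;

/* The fault handler plays the role of the hypervisor noticing a write to a protected page. */
static void on_segv(int sig) { (void)sig; write_trapped = 1; siglongjmp(trap_env, 1); }

/* Step 1 and 2: place the hook(s) on one page, then make that page read-only. */
int hooks_init(void) {
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    hook_page = (volatile hook_fn *)p;
    hook_page[0] = legit_handler;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return mprotect((void *)hook_page, page_size, PROT_READ);
}

/* A direct store into the table, the way a hook is normally hijacked: blocked by the MMU. */
int unmediated_hook_write(hook_fn fn) {
    write_trapped = 0;
    if (sigsetjmp(trap_env, 1) == 0)
        hook_page[0] = fn;              /* faults on the read-only page, never lands */
    return write_trapped ? -1 : 0;
}

/* The one sanctioned update path, analogous to HookSafe's mediated indirection layer. */
int mediated_hook_write(hook_fn fn) {
    if (mprotect((void *)hook_page, page_size, PROT_READ | PROT_WRITE) != 0) return -1;
    hook_page[0] = fn;
    return mprotect((void *)hook_page, page_size, PROT_READ);
}

int call_hook(int x) { return hook_page[0](x); }
```

Running `hooks_init()` and then the two write paths shows the protected hook still dispatching to `legit_handler` after the blocked store, while the mediated path installs `legit_handler_v2`.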