Friday July 3, 2009 11:58 AM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"Agree that wireless hotspots are an easy way for hackers to gather information from connected ..."
on New devices make hotspots a hacker's paradise
by Patrick Hooper | Jul 3, 2009 4:06 AM
 
"Katarzyna what has this got to do with Symantec?? "
on Mobile phone directory service faces consumer uproar
by PaulC | Jul 2, 2009 12:55 PM
 
"Hi Nadim, I'm the chief marketing officer at Ounce Labs, and I disagree with your statement. ..."
on Ounce Labs 5.0
by Jennifer Sullivan | Jun 30, 2009 11:56 PM
 
"noobs!"
on Australia shows poor resistance to phishing
by webappsec | Jun 30, 2009 4:53 PM
 
"Jude makes a good point: by increasing the amount of false information provided to phishers, it ..."
on Commonwealth Bank phishing scam alert
by webappsec | Jun 30, 2009 4:43 PM
Web

Kernel-level malware on the rise

  • Email a Friend
  • Print Page
Kernel-level malware on the rise
Related Articles
By Shaun Nichols
Feb 26, 2007 9:48 AM
Tags: Kernel-level | malware | on | the | rise
Hard to catch, even harder to stop.
Online criminals are increasingly turning to kernel-level malware to attack systems, according to security researchers at F-Secure. 

Kernel-level malware acts inside the operating system's kernel, the component that links the system to the computer's hardware. Traditional malware acts like a regular application that runs on top of the operating system.

Kimmo Kasslin, a security researcher at F-Secure, said in a study that this type of malware is "a scary thought".

"It would operate with the same privileges and share all the same resources as the operating system itself, and compete with any security solutions protecting the system's integrity against any malicious activities," he wrote.

The researcher warned that the trend could lead to an "arms race" between security software and the malware, as the latter tries to evade detection.

The race would ultimately favour the code that runs closest to the most basic functions of the operating system.

"This is a path that any serious security software vendor will not take. But the world is full of examples of malware and proof-of-concept code that does exactly this," explained Kasslin.

He noted that malware authors have dramatically increased the use of kernel-level code since 2005, and that 2.63 new kernel malware families were found by security researchers every month last year.

The current kernel code is primarily used with root-kits, which allow conventional malware programs to run undetected. However, Kasslin believes that kernel-level code is poised to take on a more prominent role in malware attacks very soon.

"More information is published about how to do things required by today's malware directly from kernel mode," he said. "This includes how to implement better root-kits, how to bypass personal firewalls and how to create backdoors and IRC bots."

The use of kernel-level code came to the fore last Autumn when Microsoft said that it would include a security component known as PatchGuard to effectively block the operating system kernel.

But security vendors claimed that malware writers would quickly break the protection, effectively offering unfettered access to a machine's entire resources. Security software would then be unable to do anything to stop the attack. 

Copyright © 2009 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Exclusive Data Centre - Sponsored Content by Microsoft
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
apple attack attacks beladen botnet data email facebook gumblar infected mac malware office phishing security social spam trojans twitter website