Thursday November 20, 2008 7:07 PM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Hi this is the mail I received Brett Karpman show details Nov 17 (3 days ago) Reply Atten..."
on Yahoo and Microsoft take aim at lottery scams
by Rodney Churchyard | Nov 20, 2008 6:13 PM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"Umm. no. The 6.5 product is mounting the offline VM image and performing a scan for patch ..."
on Shavlik Technologies to broaden its patch management offerings
by eric | Nov 20, 2008 8:15 AM
 
"it's great i tried it"
on McAfee offers free trial of security appliance
by divyacharan | Nov 20, 2008 12:24 AM
 
"I actually love the RoboForm software myself. I use it all of the time and it takes all of the ..."
on Siber Systems RoboForm Enterprise
by Omarra Byrd | Nov 18, 2008 8:19 AM
Web

Kernel-level malware on the rise

  • Email a Friend
  • Print Page
Kernel-level malware on the rise
Related Articles
By Shaun Nichols
Feb 26, 2007 9:48 AM
Tags: Kernel-level | malware | on | the | rise
Online criminals are increasingly turning to kernel-level malware to attack systems, according to security researchers at F-Secure. 

Kernel-level malware acts inside the operating system's kernel, the component that links the system to the computer's hardware. Traditional malware acts like a regular application that runs on top of the operating system.

Kimmo Kasslin, a security researcher at F-Secure, said in a study that this type of malware is "a scary thought".

"It would operate with the same privileges and share all the same resources as the operating system itself, and compete with any security solutions protecting the system's integrity against any malicious activities," he wrote.

The researcher warned that the trend could lead to an "arms race" between security software and the malware, as the latter tries to evade detection.

The race would ultimately favour the code that runs closest to the most basic functions of the operating system.

"This is a path that any serious security software vendor will not take. But the world is full of examples of malware and proof-of-concept code that does exactly this," explained Kasslin.

He noted that malware authors have dramatically increased the use of kernel-level code since 2005, and that 2.63 new kernel malware families were found by security researchers every month last year.

The current kernel code is primarily used with root-kits, which allow conventional malware programs to run undetected. However, Kasslin believes that kernel-level code is poised to take on a more prominent role in malware attacks very soon.

"More information is published about how to do things required by today's malware directly from kernel mode," he said. "This includes how to implement better root-kits, how to bypass personal firewalls and how to create backdoors and IRC bots."

The use of kernel-level code came to the fore last Autumn when Microsoft said that it would include a security component known as PatchGuard to effectively block the operating system kernel.

But security vendors claimed that malware writers would quickly break the protection, effectively offering unfettered access to a machine's entire resources. Security software would then be unable to do anything to stop the attack. 

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
adobe barak barrage bulletin doctor flaws homepage infections malware microsoft obama president purchase recession rise rogue russia spam target virus