Abstract
Rootkits, which reside unnoticed in a computer and stealthily carry out remote control and software eavesdropping, are a great threat to network and computer security. It is time to acquaint ourselves with their implementation and detection. This article pays more attention to kernel rootkits, because they are more difficult to write and to identify than userland rootkits. The latest technologies used to write and detect kernel rootkits, along with their advantages and disadvantages, are presented in this article.
Additional information
Foundation item: Supported by the Key Scientific and Technological Project of Henan Province (SP200402089)
Biography: LI Xianghe (1957-), male, Professor, research direction: network communication, network attack and defense.
About this article
Cite this article
Xianghe, L., Liancheng, Z. & Shuo, L. Kernel rootkits implement and detection. Wuhan Univ. J. Nat. Sci. 11, 1473–1476 (2006). https://doi.org/10.1007/BF02831800
DOI: https://doi.org/10.1007/BF02831800