Rootkits and Malicious Code Injection

Authors

  • Marius Vlad Bucharest Academy of Economic Studies

Keywords:

GNU/Linux, rootkits, shellcode, stack overflow, buffer overrun, vulnerability

Abstract

Rootkits are considered by many to be one of the most stealthy computer malware (malicious software) and pose significant threats. Hiding their presence and activities impose hijacking the control flow by altering data structures, or by using hooks in the kernel. As this can be achieved by loadable kernel code sections, this paper tries to explain common entry points into a Linux kernel and how to keep a persistent access to a compromised machine.

Author Biography

Marius Vlad, Bucharest Academy of Economic Studies

IT&C Security Master at Cybernetics, Statistics and Economic Informatics Faculty

References

G. Hoglund, A *real* nt rootkit, patching the nt kernel.

Wikipedia, Rootkit.

J. Kong, Designing BSD Rootkits, An Introduction to Kernel Hacking. No Starch Press, 2007.

J. Bartlett, Programming from Ground Up. Jonathan Bartlett, 2003.

Intel Corporation, Intel 64 and IA-32 Architectures Software Developer Manual, 2010. Volume 1: Basic Architecture.

M. Vlad, Subverting the Linux Kernel, Rootkit Development and Deployment. 2010.

Tool Interface Standard Commitee, Executable and Linking Format (ELF), 1995. Version 1.2.

A. One, Smashing the stack for fun and prot.

J. Ericson, Hacking: The Art of Exploitation. Addison-Wesley, 2nd ed., 2008.

Z. Wang, X. Jiang, W. Chi, and P. Ning, Countering kernel rootkits with lightweight hook protection, CSS ACM,Chicago, Illionios, 2009.

Intel Corporation, Intel 64 and IA-32 Architectures Software Developer Manual, 2010. Volume 3A: System Programming Guide, Part 1.

D. P. Bovet and M. Cesati, Understanding the Linux Kernel. O’Reilly, 3nd ed., 2005.

W. Mauerer, Professional Linux Kernel Architecture. Wiley Publishing, Inc., 2008.

A. Lineberry, Malicious code injection via /dev/mem, Black Hat Europe, 2009.

Downloads

Published

2011-06-30

How to Cite

Vlad, M. (2011). Rootkits and Malicious Code Injection. Journal of Mobile, Embedded and Distributed Systems, 3(2), 91-99. Retrieved from http://jmeds.eu/index.php/jmeds/article/view/Rootkits-and-Malicious-Code-Injection