Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 12th, 2008

Researchers Discovered A New Technique For Stealthier Rootkits

Security researchers have discovered a new technique for developing rootkits, malicious packages used to hide the presence of malware on compromised systems.

Instead of hiding a rootkit in the virtualisation layer, the rootkit can be smuggled into System Management Mode (SMM), an isolated memory and execution environment supported in Intel chips that’s designed to handle problems such as memory errors.

By running rootkits in SMM, miscreants could make hidden malware harder to detect, since they’re hiding code in an area anti-virus scanners don’t check. A proof of concept is to be demonstrated at the Black Hat conference in Vegas in August.

SMM code is invisible to the operating system yet retains full access to host physical memory and complete control over peripheral hardware. A proof-of-concept SMM rootkit can already function as a chipset-level keylogger. The rootkit hides its memory footprint, makes no changes to the host operating system, and is capable of covertly sending sensitive data across the network while evading essentially all host-based intrusion detection systems and firewalls.

While keeping the rootkit well away from the operating system makes the malicious code stealthier, it also introduces problems. Hackers would need to develop device-specific driver code, a factor that makes attacks far more difficult.
