Summary


We now have a rootkit that does the following:

  • Hides its device driver entry

  • Hides its configuration file

  • Hooks the operating system kernel

  • Hooks selected processes loaded by the operating system

  • Processes commands sent from user mode applications

  • Communicates with a remote controller

  • Filters network communication

  • Filters file system operations

  • Logs key presses

The threading and logging concepts detailed in this chapter can be applied to many of the previous chapters. Logging the system configuration, the current user, filtered file and network data, and forensic data can all be achieved using the techniques detailed in this chapter.

Our rootkit is just about as complete as a training example can be. However, it’s not really a rootkit unless it contains a few more forms of concealment. Though many of the concealment techniques introduced in the next chapter are easily detectable, they are nonetheless used extensively in most modern rootkits.




Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
