Summary


The examples provided in this chapter do not directly enhance the rootkit we’ve been building throughout this book. An e-mail client extension will usually log e-mail traffic to disk for eventual retrieval by a rootkit. As such, there is no interdependence between rootkits and e-mail client extensions. This allows an e-mail client extension to function completely autonomously.

Named pipes are an excellent way to alert a rootkit to decoupled activity such as e-mail filtering. If your e-mail client extension saves information to a file, the location of the file can be passed to a rootkit in a named pipe. The rootkit can then process the contents of the file as required.

Placing filtered e-mail data into a directory buffer is also a great way to transfer e-mail traffic. A rootkit can be set to periodically check the contents of a special directory and process the contents of that directory when files are discovered. However, this mechanism does require added synchronization to ensure that reading and writing do not interfere with each other.

Though e-mail client extensions will be of little value outside the corporate infrastructure, there is no better way to gather personal information from a corporate environment. If you are targeting a corporate environment, there is a high likelihood that the e-mail system will implement some form of client extension capability. This chapter has provided solutions for the two most popular servers:

  • Microsoft Exchange Server for Outlook

  • Domino Server for Lotus Notes

The next chapter presents basic rootkit installation techniques.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net