SMM rootkits: A new breed of os independent malware

Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm'08

Volumn , Issue , 2008, Pages

  Embleton, Shawn ^a   Sparks, Sherri ^a   Zou, Cliff ^a  

^a UNIVERSITY OF CENTRAL FLORIDA   (United States)

Author keywords

Malware; Operating system security; Rootkit; System Management Mode; Virtualization

Indexed keywords

MALWARE; OPERATING SYSTEM SECURITY; ROOTKIT; SYSTEM MANAGEMENT MODE; VIRTUALIZATION;

COMPUTER OPERATING SYSTEMS; ELECTRONIC EQUIPMENT MANUFACTURE; PHOTOLITHOGRAPHY;

COMPUTER CRIME;

EID: 70249116478     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1460877.1460892     Document Type: Conference Paper

References (30)

1. S.T. King, P.M. Chen, Y-M Wang, C. Verbowski, H.J. Wang, and J.R. Lorch. Subvirt: Implementing malware with virtual machines. In SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy (S & P'06), pages 314{327, Washington, DC, USA, 2006. IEEE Computer Society.
2. th Workshop on Hot Topics in Operating Systems, 2007. USENIX.
3. J. Rutkowska. Subverting Vista Kernel for Fun and Profit. Presented at Black Hat USA, Aug. 2006.
4. Intel Corporation. Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3B: System Programming Guide, Part 2. May 2007.
5. Intel Corporation. Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3A: System Programming Guide, Part 1. May 2007.
6. Intel Corporation. Intel 82801DB I/O Controller Hub 4 (ICH4). May 2002.
7. Intel Corporation. Intel 845GE/845PE Chipset Datasheet. Oct. 2002.
8. J. Heasman. Implementing and Detecting an ACPI BIOS Rootkit. Presented at Black Hat Federal, 2006.
9. L. Duflot, D. Etiemble, and O. Grumelard. Using CPU System Management Mode to Circumvent Operating System Security Functions. In. DCSSI 51 bd. De la Tour Maubourg 75700 Paris Cedex, France. 2007.
10. S. Sparks and J. Butler. Shadow Walker: Raising the Bar for Windows Rootkit Detection. In Phrack Volume 0x0B, Issue 0x3D, Phile #0x08 of 0x14. 2005.
11. J. Butler. VICE - Catch the Hookers. Presented at Black Hat USA. Aug 2004.
12. G. Kim and E. Spafford. The design and implementation of tripwire: a file system integrity checker. In Proceedings of the 2nd ACM Conference on Computer and communications security, 1994. ACM Press.
13. J. Butler and G. Hoglund. Rootkits: Subverting the Windows Kernel. Addison-Wesley, 2005.
14. N. L. Petroni, T. Fraser, J. Molina, and W. A. Arbaugh. Copilot - A Coprocessor-based Kernel Runtime Integrity Monitor. In Proc. Usenix Security Symposium, Aug. 2004.
15. 8042 Keyboard Controller. http://heim.ifi.uio.no/~stanisls/helppc/8042. html
16. Rootkit. http://en.wikipedia.org/wiki/Rootkit. 2007.
17. B. Cogswell and M. Russinovich. RootkitRevealer v1.71. Nov 1, 2006. http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx
18. F-Secure Black Light. http://www.f-secure.com/blacklight
19. Thimbleby, S. Anderson, P. Cairns. A Framework for Modeling Trojans and Computer Virus Infections. The Computer Journal, Vol. 41, No. 7, pp. 444-458. 1998.
20. * NT Rootkit, patching the NT Kernel. In Phrack Magazine, Vol. 9, No 55, 1999.
21. Fuzen Op. The FU rootkit. http://www.rootkit.com/project.php?id=12.
22. J. Rutkowska. System Virginity Verifier - Defining the Roadmap for Malware Detection on Windows System. Presented at Hack In The Box. Sept 2005.
23. D. A. Zovi. Hardware Virtualization Rootkits. Presented at Black Hat USA, Aug 2006. http://www.theta44.org/software/HVM-Rootkits-ddz-bh-usa-06. pdf
24. J. Rutkowska. New Blue Pill. http://www.bluepillproject.org/stuff/nbp-0. 11.zip. 2007
25. J. Heasman. Implementing and Detecting an ACPI BIOS Rootkit. Presented at Black Hat, Federal. 2006.
26. http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Heasman.pdf
27. J. Butler and S. Sparks. Windows rootkits of 2005, part two. http://www.securityfocus.com/infocus/1851. 2005.
28. J. Rutkowska. IsGameOver() Anyone? Presented at Black Hat, USA. Aug 2007.
29. Windbg. http://en.wikipedia.org/wiki/WinDbg. 2007.
30. Support for USB and Legacy Keyboards and Mouse Devices. Dec 2001. http://www.microsoft.com/whdc/device/input/usbhost.mspx