SMM rootkit: A new breed of OS independent malware

Security and Communication Networks

Volumn 6, Issue 12, 2013, Pages 1590-1605

  Embleton, Shawn ^a   Sparks, Sherri ^a   Zou, Cliff C ^a  

^a UNIVERSITY OF CENTRAL FLORIDA   (United States)

Author keywords

Hardware security; Malware; Operating system security; Rootkit; System management mode

Indexed keywords

COMPUTER CRIME; COMPUTER HARDWARE; HARDWARE; HARDWARE SECURITY;

COMMODITY SYSTEMS; EXECUTION ENVIRONMENTS; HARDWARE VIRTUALIZATION; INTEL PROCESSORS; MEMORY PROTECTION; OPERATING SYSTEM SECURITY; SYSTEM MANAGEMENT MODE; TARGETED ATTACKS;

MALWARE;

EID: 84888412363     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.166     Document Type: Article

References (29)

1. Thimbleby H, Anderson S, Cairns P.A Framework for Modeling Trojans and Computer Virus Infections.The Computer Journal, 1998;41(7):444-458.
2. Fuzen Op.The FU rootkit.http://www.rootkit.com/project.php?id=12
3. Hoglund G.A REAL NT Rootkit, patching the NT Kernel. InPhrack Magazine, Vol.9, No 55 1999.
4. Butler J.VICE-Catch the Hookers. Presented at Black Hat USA. August2004.
5. King ST, Chen PM, Wang Y-M, Verbowski C, Wang HJ, Lorch JR.Subvirt: Implementing malware with virtual machines. In Proceedings of IEEE Symposium on Security and Privacy (S & p' 06) pages314-327, Washington, DC, USA, 2006; IEEE Computer Society.
6. Intel Corporation.Intel 64 and IA-32 Architectures Software Developer's Manual Volume3B: System Programming Guide, Part 2. May2007.
7. Intel Corporation.Intel 64 and IA-32 Architectures Software Developer's Manual Volume3A: System Programming Guide, Part 1. May2007.
8. Sparks S, Butler, Shadow Walker: J. Raising the Bar for Windows Rootkit Detection. In Phrack Volume 0x0B, Issue 0x3D, Phile #0x08 of 0x142005.
9. Rutkowska J.New Blue Pill.www.bluepillproject.org/stuff/nbp-0.11.zip2007.
10. Rutkowska J.Subverting Vista Kernel for Fun and Profit. Presented at Black Hat USA, August2006.
11. Zovi. DA.Hardware Virtualization Rootkits. Presented at Black Hat USA, Aug2006;www.theta44.org/software/HVM_Rootkits_ddz_bh-usa-06.pdf
12. Heasman J.Implementing and Detecting an ACPI BIOS Rootkit. Presented at Black Hat Federal, 2006.
13. Cogswell B, Russinovich M.RootkitRevealer v1.71. November 1, 2006;Http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx
14. F-Secure Black Light.http://www.f-secure.com/blacklight
15. Duflot L, Etiemble D, Grumelard O.Using CPU system management mode to circumvent operating System security functions. In DCSSI 51 bd. De la Tour Maubourg 75700 Paris Cedex, France2007.
16. Intel Corporation.Intel 845GE/845PE Chipset Datasheet. October2002.
17. Intel Corporation.Intel 82801DB I/O Controller Hub 4 (ICH4). May2002.
18. Heasman J.Implementing and Detecting an ACPI BIOS Rootkit. Presented at Black Hat, Federal
19. Butler J, Hoglund G.Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional, 2005.
20. [8042] Keyboard Controller.heim.ifi.uio.no/
21. Rutkowska J."Rootkits vs. Stealth by Design Malware", Presented at Black Hat, Europe2006.
22. Support for USB and Legacy Keyboards and Mouse Devices. December2001;microsoft.com/whdc/device/input/usbhost.mspx
23. www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Heasman.pdf
24. Windbg.en.wikipedia.org/wiki/WinDbg2007.
25. Heasman J.Implementing and detecting a PCI Rootkit. Presented at Black Hat Federal2007.
26. Garfinkel T, Adams K, Warfield A, Franklin J.Compatibility is Not Transparency: VMM Detection Mythis and Realities. In HotOS XI: 11th Workshop on Hot Topics in Operating Systems2007; USENIX.
27. Rutkowska J.System Virginity Verifier-Defining the Roadmap for Malware Detection on Windows System. Presented at Hack In The Box. September2005.
28. Petroni NL, Fraser T, Molina J, Arbaugh WA.Copilot-A Coprocessor-based Kernel Runtime Integrity Monitor. In Proceeding Usenix Security Symposium August2004.
29. Butler J, Sparks S.Windows rootkits of2005, Part 2.http://www.securityfocus.com/infocus/18512005.