Learning about "RootKit"

Kernel Rootkit

• What Is a Kernel Rootkit
• How Kernel Rootkits Work
• Real-World Kernel Rootkits
• Detecting Kernel Rootkits
• Countermeasures

WASC Threat Classification

The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium have created this project to develop and promote industry standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors will have the ability to access a consistent language for web security related issues.

Advanced Windows 2000 Rootkit Detection (Execution Path Analysis)

The article describes a new approach to the detection of kernel- and user-mode rootkits. The presented technique exploits the processor's stepping mode to measure the number of instructions executed in the system kernel and DLLs, in order to detect additional instructions inserted by malicious code such as rootkits, backdoors, etc. The implementation of a simple detection utility for Windows 2000, which makes use of this technique, is also discussed.