Hooks hijacked? New research shows how to block stealthy malware attacks
The spread of malicious software, also known as malware or computer viruses, is a growing problem that can lead to crashed computer systems, stolen personal information, and billions of dollars in lost productivity every year. One of the most insidious types of malware is a "rootkit," which can effectively hide the presence of other spyware or viruses from the user – allowing third parties to steal information from your computer without your knowledge. But now researchers from North Carolina State University have devised a new way to block rootkits and prevent them from taking over your computer systems.

To give some idea of the scale of the computer malware problem, a recent Internet security threat report showed a 1,000 percent increase in the number of new malware signatures extracted from the in-the-wild malware programs found from 2006 to 2008. Of these malware programs, "rootkits are one of the stealthiest," says Dr. Xuxian Jiang, assistant professor of computer science at NC State and a co-author of the research. "Hackers can use rootkits to install and hide spyware or other programs. When you start your machine, everything seems normal but, unfortunately, you've been compromised."
Rootkits typically work by hijacking a number of "hooks," or control data, in a computer's operating system. "By taking control of these hooks, the rootkit can intercept and manipulate the computer system's data at will," Jiang says, "essentially letting the user see only what it wants the user to see." As a result, the rootkit can make itself invisible to the computer user and any antivirus software. Furthermore, the rootkit can install additional malware, such as programs designed to steal personal information, and make them invisible as well.
In order to prevent a rootkit from insinuating itself into an operating system, Jiang and the other researchers determined that all of an operating system's hooks need to be protected. "The challenging part is that an operating system may have tens of thousands of hooks – any of which could potentially be exploited for a rootkit's purposes," Jiang says. "Worse, those hooks might be spread throughout a system. Our research leads to a new way that can protect all the hooks in an efficient way, by moving them to a centralized place and thus making them easier to manage and harder to subvert."
Jiang explains that by placing all of the hooks in one place, researchers were able to simply leverage hardware-based memory protection, which is now commonplace, to prevent hooks from being hijacked. Essentially, they were able to put hardware in place to ensure that a rootkit cannot modify any hooks without approval from the user.
Source: North Carolina State University