356lecture09


...nge of information to convince them of its authenticity

Payload – Stealthing Backdoor
• also known as a trapdoor
• secret entry point into a program allowing the attacker to gain access and bypass the security access procedures
• maintenance hook is a backdoor used by programmers to debug and test programs
• difficult to implement operating system controls for backdoors in applications

Payload – Stealthing Rootkit
• set of hidden programs installed on a system to maintain covert access to that system
• hides by subverting the mechanisms that monitor and report on the processes, files, and registries on a computer
• gives administrator (or root) privileges to attacker
  – can add or change programs and files, monitor processes, send and receive network traffic, and get backdoor access on demand

Rootkit Classification Characteristics
• persistent
• memory based
• user mode
• kernel mode
• virtual machine based
• external mode

System Call Table Modification

Malware Countermeasure Approaches
• ideal solution to the threat of malware is prevention
• four main elements of prevention:
  – policy
  – awareness
  – vulnerability mitigation
  – threat mitigation
• if prevention fails, technical mechanisms can be used to support the following threat mitigation options:
  – detection
  – identification
  – removal

Generations of Anti-Virus Software
• first generation: simple scanners
  – requires a malware signature...
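As an added illustration of the first-generation "simple scanner" named above (example code written for this page, not from the lecture or its textbook), the Python below matches byte-pattern signatures, with single-byte wildcards, against sample buffers; the signature names, patterns and sample files are all constructed and hypothetical. The last sample shows the limitation the slide states: a file with no matching signature in the database is simply not detected.

```python
"""First-generation anti-virus: a simple signature scanner.

A signature is a list of bytes where None acts as a one-byte wildcard,
so one signature can cover minor variations of the same sample.
Everything below (names, patterns, sample files) is constructed for
this example and corresponds to no real malware.
"""


def parse_signature(text: str) -> list:
    """Parse 'DE AD ?? EF' into [0xDE, 0xAD, None, 0xEF]."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def match_at(data: bytes, sig: list, pos: int) -> bool:
    """True if sig matches data starting at offset pos."""
    if pos + len(sig) > len(data):
        return False
    return all(b is None or data[pos + i] == b for i, b in enumerate(sig))


def scan_buffer(data: bytes, signatures: dict) -> list:
    """Return (signature name, offset) for every signature hit in data."""
    hits = []
    for name, sig in signatures.items():
        for pos in range(len(data) - len(sig) + 1):
            if match_at(data, sig, pos):
                hits.append((name, pos))
    return hits


# Constructed signature database (hypothetical names and byte patterns).
SIGNATURES = {
    "Demo.Backdoor.A": parse_signature("4D 5A ?? ?? 42 44 4F 4F 52"),  # MZ..BDOOR
    "Demo.Rootkit.B": parse_signature("52 4B ?? 48 4F 4F 4B"),         # RK.HOOK
}

# Constructed sample files: one hit, a wildcard-covered variant, a clean
# file, and a sample whose single changed byte defeats the signature.
SAMPLE_INFECTED = b"\x4d\x5a\x90\x00" + b"BDOOR" + b"\x00" * 8
SAMPLE_VARIANT = b"junk" + b"RK" + b"\x01" + b"HOOK"
SAMPLE_CLEAN = b"\x4d\x5a\x90\x00" + b"hello world"
SAMPLE_MUTATED = b"\x4d\x5a\x90\x00" + b"BD00R"  # no signature -> missed

if __name__ == "__main__":
    for label, blob in [("infected", SAMPLE_INFECTED), ("variant", SAMPLE_VARIANT),
                        ("clean", SAMPLE_CLEAN), ("mutated", SAMPLE_MUTATED)]:
        print(label, scan_buffer(blob, SIGNATURES))
```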