Visit Indian Travel Sites
Goa,
Kerala,
Tamil Nadu,
Andhra Pradesh,
Delhi,
Rajasthan,
Uttar Pradesh,
Himachal Pradesh,
Assam,
Sikkim,
Madhya Pradesh,
Jammu & Kashmir
Karnataka
|
How to block stealthy malware attacks | Researchers from North Carolina State University have devised a novel way to block rootkits, one of the
most insidious types of malware, preventing them from taking over computer systems.
Malware or computer viruses is a growing problem that can lead to crashed computer
systems and stolen personal information. A recent Internet security threat report
showed a 1,000 percent increase in the number of new malware signatures extracted
from the in-the-wild malware programs found from 2006 to 2008. Rootkits typically
work by hijacking a number of "hooks," or control data, in a computer's operating
system. "Hackers can use rootkits to install and hide spyware or other programs.
When you start your machine, everything seems normal but, unfortunately, you've
been compromised," said Dr. Xuxian Jiang, assistant professor of computer science
at NC State and a co-author of the research. "By taking control of these hooks,
the rootkit can intercept and manipulate the computer system's data at will essentially
letting the user see only what it wants the user to see," Jiang added. As a result,
the rootkit can make itself invisible to the computer user and any antivirus software.
Furthermore, the rootkit can install additional malware, such as programs designed
to steal personal information, and make them invisible as well. In order to prevent
a rootkit from insinuating itself into an operating system, Jiang said that all
of an operating system's hooks need to be protected. "Our research leads to a
new way that can protect all the hooks in an efficient way, by moving them to
a centralized place and thus making them easier to manage and harder to subvert,"
said Jiang. Jiang revealed that by placing all of the hooks in one place, researchers
were able to simply leverage hardware-based memory protection, which is now commonplace,
to prevent hooks from being hijacked. They were able to put hardware in place
to ensure that a rootkit cannot modify any hooks without approval from the user. |
|
|
|
|
|