Kernel Malware: The Attack from Within

Ice_Czar · Mar 7, 2007

Kernel Malware: The Attack from Within

PDF by Kimmo Kasslin F-Secure
presented in Dec at AVAR 2006 (Anti-Virus Asia Researchers)
from what I can tell released February 22nd

Abstract
The Kernel is the heart of modern operating systems. Code executing in kernel mode has full access to all memory including the kernel itself, all CPU instructions, all hardware. For this obvious reason only the most trusted software should be allowed to run in Kernel mode.

Today, we are facing an emerging threat in the form of kernel-mode malware. By kernel-mode malware we mean malicious software that executes as part of the operating system having full access to the computer's resources. To the end-user this means malware that can bypass software firewalls and can be almost impossible to detect or remove even if the best anti-virus solutions are being used
Click to expand...

interesting reading and far more technical than the abstract would lead you to believe. Most would find the intermediate level of interest specifically Full-Kernel vs Semi-Kernel Malware, Kernel Mode vs User Mode, and History & Trends of Kernel Malware

(I have searched extensively to see if this was previously posted but came up empty)

lucas1985 · Mar 8, 2007

Nice paper Ice, thanks

EASTER.2010 · Mar 8, 2007

Thank You for that PDF report ICE, every paper on the more technical aspects laid out in detail like this offers a better prospective on just how to fine tune our own configs with the security programs we use to filter those type intrusions.

Log in or Sign up

Kernel Malware: The Attack from Within

Ice_Czar Registered Member

lucas1985 Retired Moderator

EASTER.2010 Guest

Log in or Sign up

Kernel Malware: The Attack from Within

Ice_Czar Registered Member

lucas1985 Retired Moderator

EASTER.2010 Guest

Useful Searches