Featured Research

from universities, journals, and other organizations

Hooks Hijacked? New Research Shows How To Block Stealthy Malware Attacks

Date: November 3, 2009
Source: North Carolina State University
Summary: The spread of malware, or computer viruses, is a growing problem that can lead to crashed computer systems, stolen personal information, and billions of dollars in lost productivity every year. One of the most insidious types of malware is a "rootkit," which can effectively hide the presence of other spyware or viruses from the user. But now researchers have devised a way to block rootkits and prevent them from taking over your computer systems.


The spread of malicious software, also known as malware or computer viruses, is a growing problem that can lead to crashed computer systems, stolen personal information, and billions of dollars in lost productivity every year. One of the most insidious types of malware is a "rootkit," which can effectively hide the presence of other spyware or viruses from the user -- allowing third parties to steal information from your computer without your knowledge. But now researchers from North Carolina State University have devised a new way to block rootkits and prevent them from taking over your computer systems.

To give some idea of the scale of the computer malware problem, a recent Internet security threat report showed a 1,000 percent increase, from 2006 to 2008, in the number of new malware signatures extracted from malware programs found in the wild. Of these malware programs, "rootkits are one of the stealthiest," says Dr. Xuxian Jiang, assistant professor of computer science at NC State and a co-author of the research. "Hackers can use rootkits to install and hide spyware or other programs. When you start your machine, everything seems normal but, unfortunately, you've been compromised."

Rootkits typically work by hijacking a number of "hooks," or control data, in a computer's operating system. "By taking control of these hooks, the rootkit can intercept and manipulate the computer system's data at will," Jiang says, "essentially letting the user see only what it wants the user to see." As a result, the rootkit can make itself invisible to the computer user and any antivirus software. Furthermore, the rootkit can install additional malware, such as programs designed to steal personal information, and make them invisible as well.

To prevent a rootkit from insinuating itself into an operating system, Jiang and the other researchers determined that all of an operating system's hooks need to be protected. "The challenging part is that an operating system may have tens of thousands of hooks -- any of which could potentially be exploited for a rootkit's purposes," Jiang says. "Worse, those hooks might be spread throughout a system. Our research leads to a new way that can protect all the hooks in an efficient way, by moving them to a centralized place and thus making them easier to manage and harder to subvert."

Jiang explains that by placing all of the hooks in one place, researchers were able to simply leverage hardware-based memory protection, which is now commonplace, to prevent hooks from being hijacked. Essentially, they were able to put hardware in place to ensure that a rootkit cannot modify any hooks without approval from the user.

The research, "Countering Kernel Rootkits with Lightweight Hook Protection," will be presented at the 16th ACM Conference on Computer and Communications Security in Chicago, Nov. 12. The study's co-authors are Jiang, Dr. Peng Ning, associate professor of computer science at NC State, NC State Ph.D. student Zhi Wang and Weidong Cui of Microsoft Research.


Story Source:

The above story is based on materials provided by North Carolina State University. Note: Materials may be edited for content and length.


Cite This Page:

North Carolina State University. "Hooks Hijacked? New Research Shows How To Block Stealthy Malware Attacks." ScienceDaily. ScienceDaily, 3 November 2009. <www.sciencedaily.com/releases/2009/11/091103102246.htm>.
