Dear Readers, We would like to present you second episode of CynjaSpace....
Rootkits Hidden in Hardware of PC by Anibal Sacco
Let’s think like an attacker for a second. There are multiple applications dedicated to find malicious code both in user and in kernel space. So new places have to be found to deploy your code while keeping it stealthy.
TDSS aka TDL – Chronology by Eugene Melnichenko
An attempt could have been made to reconcile the inconsistencies shown above; however, the rootkit uses several kernel threads to check if rootkit hooks are present and to restore them if required.
How to Write a Good Rootkit: a Different Approach by Valerio Lupi
You can hide your startup registry key (depending on how do you autostart your DLL which needs to be reinjected in EXPLORER.EXE at login time) by not creating the registry key at all, and doing that at shutdown only (catching the WM_QUERYENDSESSION/WM_ENDSESSION message in your rootkit core).
Detecting Security Intrusions: Kernel-mode Rootkits by Pablo Bravo
The proposed technique detects any software module (rootkit) which patches the System Service Description Table or manipulates the process list in Windows systems in order to hide processes. The main idea is to gain execution when the code or data of the operating system is being patched.
Strong Approach to Hardware-VM Rootkits Detection by Igor Korkin
Trusted platform module (TPM) application cannot save the situation as the VMM can emulate TPM. The fact that a malware VMM can be loaded from BIOS and survive program updates of the BIOS, aggravates the situation.
The Darkness of Social Exploitation by Rakesh Sharma
The biggest cyber threat is people not understanding the value of information. It might sound simplistic but that is really all it is. There is a darkness in everyone, the people who understand the power of information, know exactly how dangerous it can be when put to misuse.
Basic Facebook Privacy Breeches by Jose Ignacio Orlicki
Besides native privacy issues, as any web page FB has been a target of cross-site scripting (XSS), SQL code injection, phishing and any attack imaginable for the web vector. Most of the vulnerabilities are available not directly through FB but through the FB platform.
Analysis of ‘IM’ Spreading Techniques by Joseph Foulds
There should be greater pressure for instant message service providers to develop prevention systems to ensure that their services are not abused in order to facilitate the spread of malware. Although some malware samples do have primitive or even moderately advanced IM spreading techniques, we are yet to see any samples ‘in the wild’.