Managed Code Rootkits
By Erez Metula
November 2010 U.S., December EMEA
Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit is hiding in a place that had previously been safe from this type of attack-the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, provide false information, and disable security checks. Erez Metula shows the reader how these rootkits are developed and inserted and how this attack can change the managed code that a computer is running, whether that be JAVA, .NET, Android Dalvik or any other managed code. Management development scenarios, tools like ReFrameworker, and countermeasures are covered, making this book a one stop shop for this new attack vector.
- Introduces the reader briefly to managed code environments and rootkits in general
- Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
- Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scanarios