A Brief Survey on Rootkit Techniques in Malicious Codes

Sungkwan Kim¹, Junyoung Park¹, Kyungroul Lee¹, Ilsun You², and Kangbin Yim¹*

¹Soonchunhyang University

Shinchang-myun, Asan-si, Republic of Korea

{carpedm, wwkim3, apple, yim}@sch.ac.kr

²Korean Bible University

Seoul, Republic of Korea

isyou@bible.ac.kr

Abstract

Nowadays, malicious codes are increasing significantly, causing serious damage to information systems. It is worth noting that these codes generally depend on rootkit techniques to make themselves more difficult to analyze and detect. Therefore, it is of paramount importance to research rootkits in order to defend effectively against malicious codes. In this paper, we explore and survey rootkit techniques at both the user level and the kernel level. Several rootkit samples are also used for testing and verification.

Keywords: rootkit, malicious codes, keyboard security

*Corresponding author: LISA Laboratory, Soonchunhyang University, 9418, Engineering Building, 646, Eupnae-ri, Shinchang-myun, Asan-si, Chungcheongnam-do, Republic of Korea, Tel: +82-(0)415301741, Web: http://lisa.sch.ac.kr


Journal of Internet Services and Information Security (JISIS), 2(3/4): 134-147, November 2012