November 2003
Beginner to intermediate
672 pages
18h 40m
English
With user-mode RootKit tactics, attackers go beyond the simple backdoors we saw in Chapter 5 and the application-level Trojan horses of Chapter 6. With a user-mode RootKit on your machine, the operating system is no longer under your control. Instead, the operating system becomes a dual agent, paying lip service to you, while really maintaining allegiance to the attacker. With user-mode RootKits, attackers transform the victim operating system so that it conforms to the attacker's needs, not yours. The attacker requires an operating system that will hide files, running processes, and network usage, and user-mode RootKits deliver those goods.
However, this transformation of the operating system by a user-mode RootKit is not complete. ...