'Nice Boots' - A Large-Scale Analysis of Bootkits and New Ways to Stop Them
| Author: | Christian Platzer, Bernhard Grill, Andrei Bacs, Herbert Bos |
|---|---|
| Contributors: | Computer Systems, Network Institute, Systems and Network Security |
| Subject: | |
| Source: | Vrije Universiteit Amsterdam. Proceedings of DIMVA'2015, Detection of Intrusions and Malware, and Vulnerability Assessment. ISBN: 9783319205496. Grill, B., Bacs, A., Platzer, C. & Bos, H. J. 2015, "Nice Boots" - A Large-Scale Analysis of Bootkits and New Ways to Stop Them. In: Proceedings of DIMVA'2015. |
| Description: | Bootkits are among the most advanced and persistent technologies used in modern malware. For a deeper insight into their behavior, we conducted the first large-scale analysis of bootkit technology, covering 2,424 bootkit samples on Windows 7 and XP over the past 8 years. From the analysis, we derive a core set of fundamental properties that hold for all bootkits on these systems and that result in abnormalities during the system's boot process. Based on those abnormalities, we developed heuristics that allow us to detect bootkit infections. Moreover, by judiciously blocking the bootkit's infection and persistence vector, we can prevent bootkit infections in the first place. Furthermore, we present a survey of their evolution and describe how bootkits may evolve in the future. |
| Database: | OpenAIRE |
| External link: | |