Who Will Win the Game of Cat and Mouse?

June 23, 2010

I recently provided Steven Vaughan-Nichols with some information for an ITWorld article about rootkits - tools that attackers use to hide their presence on compromised systems. Pulling together my thoughts for Steven really got me thinking a lot about how rootkits started, how they’ve evolved, and what’s to be expected in the near future.

Originally, rootkits started off as replacements for the system programs that might show traces of an attacker (the tools an administrator uses to list files, processes and network connections). These replacements carried extra code whose only purpose was to prevent the legitimate system owners from seeing the traces the attacker had left behind.

Companies developed software to detect the rootkits’ presence so that they could combat them. These tools took simple cryptographic fingerprints (hashes) of the legitimate binaries and periodically compared them against the software actually installed. If even a single bit of a file was changed, the fingerprint changed dramatically, so these tools were extremely effective at detecting this first generation of rootkits.
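As an added illustration of the fingerprint approach described above (example code written for this page, not from the original post or from any product it mentions), the script below baselines SHA-256 digests of a set of files, later re-checks them, and shows how a single flipped bit changes roughly half the bits of the digest. The file names `ls` and `ps` and their contents are constructed stand-ins for real system binaries, created in a temporary directory.

```python
import hashlib
import os
import tempfile


def fingerprint(path: str) -> str:
    """Return the SHA-256 hex digest of a file, reading it in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record a trusted fingerprint for each file.

    In practice the baseline is taken from known-good media and kept
    somewhere the monitored host cannot rewrite it."""
    return {p: fingerprint(p) for p in paths}


def check_baseline(baseline):
    """Compare current fingerprints to the baseline.

    Returns a dict mapping path -> 'ok' | 'modified' | 'missing'."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif fingerprint(path) == expected:
            report[path] = "ok"
        else:
            report[path] = "modified"
    return report


def hamming_distance_hex(a: str, b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")


def demo():
    """Constructed demo: two fake 'binaries' in a temp dir; flip one bit in one."""
    d = tempfile.mkdtemp()
    ls_path = os.path.join(d, "ls")   # constructed stand-in for /bin/ls
    ps_path = os.path.join(d, "ps")   # constructed stand-in for /bin/ps
    with open(ls_path, "wb") as f:
        f.write(b"\x7fELF" + bytes(range(256)) * 4)
    with open(ps_path, "wb") as f:
        f.write(b"\x7fELF" + bytes(range(255, -1, -1)) * 4)

    baseline = build_baseline([ls_path, ps_path])
    before = baseline[ls_path]

    # Flip a single bit in the middle of 'ls' to model a tampered replacement.
    with open(ls_path, "rb") as f:
        data = bytearray(f.read())
    data[len(data) // 2] ^= 0x01
    with open(ls_path, "wb") as f:
        f.write(bytes(data))

    after = fingerprint(ls_path)
    report = check_baseline(baseline)
    return report, before, after, hamming_distance_hex(before, after)


if __name__ == "__main__":
    report, before, after, dist = demo()
    for path, status in report.items():
        print(f"{status:8s} {os.path.basename(path)}")
    print(f"{dist} of 256 digest bits changed after a one-bit edit")
```

Run it and the `ls` stand-in is reported as modified while `ps` stays ok; the digest distance lands near 128 bits, which is what makes a hash useless for guessing "how much" changed but ideal for detecting that anything did. The check is only as trustworthy as the code path that reads the files: the post's next paragraph explains why attackers moved into the kernel, where they can feed this very checker the original bytes.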

Unfortunately, as rootkit countermeasures matured, attackers evolved their tools as well. Every program that could show traces of attacker activity relied on one central piece of software, the kernel, so attackers found ways to modify the kernel itself to hide their traces. Once the kernel lies, a fingerprint checker running on top of it can be handed the original bytes of a binary that has in fact been replaced. That defeated the signature-based anti-rootkit technology and marked the start of a trend that continues to this day: the high-tech game of cat and mouse. As detection software has kept pace with the latest techniques, rootkits have kept evolving by delving deeper into the system. The trend went from modifications of system programs, to modifications of the kernel, all the way to modifications of the system BIOS and abuse of processor virtualization features.

Computer hardware manufacturers have been pushing Trusted Computing out incrementally over the past few years, and it could turn out to end the game of cat and mouse. However, if history has anything to say, it will just be another turn in the game.
