Introducing Stealth Malware Taxonomy
by Joanna Rutkowska - from invisiblethings.org - Monday, 4 December 2006.
At the beginning of this year, at the Black Hat Federal Conference, I proposed a simple taxonomy that can be used to classify stealth malware according to how it interacts with the operating system. Since then I have often referred to this classification, as I think it is very useful both in designing system integrity verification tools and in talking about malware in general. I have now decided to explain this classification in a bit more detail and to extend it with a new type of malware: type III malware.

Before I start describing various types of malware, I would like to first define what I understand by the term malware:

Malware is a piece of code which changes the behavior of either the operating system kernel or some security-sensitive applications, without the user's consent and in such a way that it is then impossible to detect those changes using the documented features of the operating system or the application (e.g. its API).

The above definition is actually different from the definition used by the A/V industry (read: most other people). For example, a simple botnet agent coded as a standalone application, which hooks neither the OS kernel nor any other application but just listens for commands on a legitimately opened (i.e. opened using documented API functions) TCP port, would not be classified as malware under the above definition. However, for completeness, I decided to also include such programs in my taxonomy and classify them as type 0 malware.

Download the paper in PDF format here.
