When Malware Meets Rootkits
Click here to download now
Overview: Rootkits are usually divided in two categories: user-mode rootkits that work in Ring 3 mode and kernelmode rootkits that operate in Ring0. The latter represents a more sophisticated piece of code, which requires lot of programming knowledge and familiarity with the Windows kernel. Kernel-mode techniques are very powerful and the most advanced rootkits are able to subvert the Windows kernel and hide files, folders, registry keys, ports and processes. This type of rootkit needs to operate as a system driver to manipulate the kernel because this interaction requires Ring0 privileges, which are not available for normal executables in userland space.