Computer Researchers Develop Approach To Block Most Insidious Forms Of Malware
November 3, 2009 9:54 a.m. EST
Topics: Business, Science and Technology, Good
Raleigh, NC (AHN) - Business and personal computers are subject to malware, or computer viruses, a growing problem that can lead to crashed computer systems, stolen personal information, and billions of dollars in lost productivity every year. However, researchers have found a new way to block rootkits, one of the most insidious types of malware, from taking over a computer and stealing information from it without the user's knowledge.

A recent Internet security threat report showed a dramatic 1,000 percent increase in the number of new malware signatures from to 2008. Of these malware programs, "rootkits are one of the stealthiest," says Dr. Xuxian Jiang, assistant professor of computer science at North Carolina State University and a co-author of the research study.
"Hackers can use rootkits to install and hide spyware or other programs. When you start your machine, everything seems normal but, unfortunately, you've been compromised," Jiang said in a press statement.
Rootkits typically work by hijacking a number of "hooks," or control data, in a computer's operating system.
"By taking control of these hooks, the rootkit can intercept and manipulate the computer system's data at will," Jiang said, "essentially letting the user see only what it wants the user to see."
As a result, the rootkit can make itself invisible to the computer user and any antivirus software. Furthermore, the rootkit can install additional malware, such as programs designed to steal personal information, and make them invisible as well, he explained.
To prevent this takeover of the computer's operating system, the researchers determined that all of an operating system's hooks need to be protected. However, Internet security experts say the challenge is that an operating system may have tens of thousands of hooks, any of which could potentially be exploited for a rootkit's purposes.
Further adding to computer security experts' challenges is that the hooks may be spread throughout the system. Jiang believes his team's research leads to a new way to protect all the hooks efficiently: moving them to a centralized place, which makes them easier to manage and harder to subvert.
Jiang explains that by placing all of the hooks in one place, the researchers were able to leverage hardware-based memory protection, which is now commonplace, to prevent the hooks from being hijacked. Essentially, they used the hardware to ensure that a rootkit cannot modify any hook without approval from the user.
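As an added illustration that is not the researchers' own code, the following C model shows the relocation-plus-protection idea on a user-space page: every hook pointer lives in one mmap'd page that is kept read-only by the MMU, and the only write path is a mediator that rejects targets outside a constructed whitelist (the handler names and the policy are assumptions).

```c
#define _GNU_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#include <stddef.h>
#include <unistd.h>
#include <sys/mman.h>
/* Constructed model of the approach in the article (not the NC State team's
 * code): hooks are relocated into one read-only page, and the sole write path
 * is a mediator that checks the new target before briefly re-enabling writes. */
typedef int (*hook_fn)(void);
enum { NHOOKS = 4 };
/* Constructed stand-ins for legitimate OS handlers and one rogue handler. */
static int legit_open(void)    { return 1; }
static int legit_read(void)    { return 2; }
int        rogue_handler(void) { return 99; }
/* Policy: a hook may only point at code the defender has vetted. */
static const hook_fn trusted_targets[] = { legit_open, legit_read };
static hook_fn *hook_page;     /* the centralized hook table */
static size_t page_size;

static int target_is_trusted(hook_fn fn) {
    for (size_t i = 0; i < sizeof trusted_targets / sizeof *trusted_targets; i++)
        if (trusted_targets[i] == fn) return 1;
    return 0;
}

/* Populate the table, then drop write permission so stray writes fault. */
int hooks_init(void) {
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    hook_page = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (hook_page == MAP_FAILED) return -1;
    hook_page[0] = legit_open;
    hook_page[1] = legit_read;
    return mprotect(hook_page, page_size, PROT_READ);
}

/* Sole sanctioned write path: validate, unprotect, write, re-protect.
 * Returns 0 on success, -1 when the index or target is rejected. */
int hook_update(int idx, hook_fn fn) {
    if (idx < 0 || idx >= NHOOKS || !target_is_trusted(fn)) return -1;
    if (mprotect(hook_page, page_size, PROT_READ | PROT_WRITE) != 0) return -1;
    hook_page[idx] = fn;
    return mprotect(hook_page, page_size, PROT_READ);
}

/* Dispatch through the table; -1 for an empty slot or bad index. */
int hook_call(int idx) {
    if (idx < 0 || idx >= NHOOKS || hook_page[idx] == NULL) return -1;
    return hook_page[idx]();
}
```

A direct store into `hook_page` from anywhere else faults while the page is read-only, which is the hardware check the article describes; only `hook_update` can change a hook, and only to a vetted target.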