Bootkits are among the most advanced and persistent technologies used in modern malware. For a deeper insight into their behavior, we conducted the first large-scale analysis of bootkit technology, covering 2, 424 bootkit samples on Windows 7 and XP over the past 8 years. From the analysis, we derive a core set of fundamental properties that hold for all bootkits on these systems and result in abnormalities during the system’s boot process. Based on those abnormalities we developed heuristics allowing us to detect bootkit infections. Moreover, by judiciously blocking the bootkit’s infection and persistence vector, we can prevent bootkit infections in the first place. Furthermore, we present a survey on their evolution and describe how bootkits can evolve in the future.
CITATION STYLE
Grill, B., Bacs, A., Platzer, C., & Bos, H. (2015). “Nice boots!”-A large-scale analysis of bootkits and new ways to stop them. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9148, pp. 25–45). Springer Verlag. https://doi.org/10.1007/978-3-319-20550-2_2
Mendeley helps you to discover research relevant for your work.