Table of Contents

Part 1: Malware
Chapter 1: Malware Propagation
Chapter 2: Malware Functionality
Part 2: Rootkits
Chapter 3: User-Mode Rootkits
Chapter 4: Kernel-Mode Rootkits
Chapter 5: Virtual Rootkits
Chapter 6: The Future of Rootkits
Part 3: Prevention Technologies
Chapter 7: Antivirus
Chapter 8: Host Protection Systems
Chapter 9: Host Based Intrusion Prevention
Chapter 10: Rootkit Detection
Chapter 11: General Security Practices
Part 4: Appendix
Appendix A: System Integrity Analysis: Building Your Own Rootkit Detector

About the Author

Christopher C. Elisan, a seasoned reverse engineer and malware researcher, is the principal malware scientist at RSA NetWitness. He frequently contributes expert opinion about malware, botnets, and advance persistent threats for leading publications, including USA Today, InformationWeek, and Dark Reading.



Michael A. Davis is CEO of Savid Technologies, Inc. a national technology and security consulting firm. Michael is well known in the Open Source Security industry with his porting of security tools to the Windows platforms including tools such as snort, ngrep, dsniff, and honeyd. Michael is also a member of the Honeynet project where he is working to develop data and network control mechanisms for windows based honeynets. Michael is also the developer of sebek for windows, a kernel based data collection and monitoring tool for honeynets. Michael has worked with McAfee, Inc. a leader in anti-virus protection and vulnerability management, as Senior Manager of Global Threats where he lead a team of researchers investigating confidential and cutting edge security research. Prior to McAfee, Michael A. Davis worked at Foundstone.



Sean M. Bodmer CISSP® CEH® Sean M. Bodmer is Director of Federal and Military Programs at Savid Corporation, Inc. Sean is an active Honeynet researcher specializing in the analysis of signatures, patterns, and behaviors of malware and attackers. Most notably he has spent several years leading the operations and analysis of advanced intrusion detection systems (honeynets) where the motives and intent of attackers and their tools can be captured and analyzed in order to generate actionable intelligence to further protect customer networks. Sean has worked in various Systems Security Engineering roles for various federal government entities and private corporations over the past decade in the Washington D.C. Metro area. Sean has lectured across the United States at industry conferences such as DEFCON, PhreakNIC, DC3, NW3C, Carnegie Mellon CERT, and the Pentagon Security Forum all covering the aspects of attack and attacker assessment profiling in order to identify the true motivations and intent behind cyber attacks.



Aaron LeMasters, CISSP®, GCIH®, CSTP® Aaron LeMasters (M.S. George Washington University) is a seasoned computer nerd specializing in computer forensics and vulnerability analysis. The first five years of his career were spent fighting to defend global DoD networks, and he is now a Senior Software Engineer at Raytheon. Aaron prefers to pacify his short attention span with advanced research and development issues related to Windows internals, system integrity, Reverse Engineering and Malware Analysis. He is an enthusiastic prototypist and enjoys developing tools that complement his research interests. In his spare time, Aaron plays basketball, sketches, jams on his Epiphone Les Paul, and travels frequently to New York City with his wife.