Showing posts with label rootkit. Show all posts

Friday, February 21, 2014

Monitoring Windows OS scheduling events in a noninvasive way with Hardware Virtualization technology (Anti-Rootkit)

A rootkit is a stealthy type of software, typically malicious, designed to hide its own existence or that of certain processes and programs from the normal methods of detection, while preserving continued privileged access to the computer. However, even though the malicious process or program can be invisible to users, internally it still has to be given CPU time slices in order to run; if it never gets scheduled by the CPU, its existence is meaningless to the malware author.

This article provides a solution for detecting such malware and inspecting its behavior by monitoring every OS thread scheduling event.
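As an added illustration (not code from the article), the cross-view check this approach enables: threads observed at the scheduler level are compared against the process list the OS itself reports, and any process that keeps receiving CPU time without appearing in that list is flagged. The trace record layout, field names and sample values below are constructed assumptions.

```python
"""Cross-view detection of hidden processes from thread scheduling events.

Hypothetical data model: a hypervisor-level trace records one entry per
context switch (the CR3 loaded at the switch, plus the thread id and pid the
guest's own thread object reports). The OS-visible process list is taken
separately, e.g. via the usual enumeration APIs. A pid that is repeatedly
scheduled but absent from the visible list is a candidate hidden process.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class SchedEvent:
    cr3: int        # page-directory base observed by hardware at the switch
    thread_id: int  # thread id read from the guest thread object
    pid: int        # owning pid read from the guest thread object (tamperable)


# Constructed sample trace (not real data): pid 4242 runs but is not listed.
TRACE = [
    SchedEvent(0x1AB000, 100, 4),
    SchedEvent(0x2CD000, 1204, 1200),
    SchedEvent(0x3EF000, 4250, 4242),
    SchedEvent(0x2CD000, 1208, 1200),
    SchedEvent(0x3EF000, 4250, 4242),
    SchedEvent(0x1AB000, 104, 4),
]
VISIBLE_PIDS = {4, 1200}  # constructed snapshot of the OS-visible process list


def scheduled_pids(trace):
    """Count scheduling events per pid as seen from the hypervisor."""
    return Counter(ev.pid for ev in trace)


def hidden_processes(trace, visible_pids, min_events=1):
    """Return {pid: (event_count, {cr3, ...})} for pids that received CPU
    time at least min_events times but are missing from the visible list.
    The CR3 set is kept because it is the hardware-observed address space,
    which a rootkit cannot forge the way it can edit in-guest pid fields."""
    counts = scheduled_pids(trace)
    spaces = {}
    for ev in trace:
        spaces.setdefault(ev.pid, set()).add(ev.cr3)
    return {pid: (n, spaces[pid]) for pid, n in counts.items()
            if pid not in visible_pids and n >= min_events}


if __name__ == "__main__":
    for pid, (n, cr3s) in hidden_processes(TRACE, VISIBLE_PIDS).items():
        print(f"pid {pid}: scheduled {n}x, not in process list, "
              f"CR3s {[hex(c) for c in sorted(cr3s)]}")
```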