Contents

Preface xxi

Chapter 1 Empty Cup Mind 3

1.1 An Uninvited Guest 3

1.2 Distilling a More Precise Definition 4

The Attack Cycle 5

The Role of Rootkits in the Attack Cycle 7

Single-Stage Versus Multistage Droppers 8

Other Means of Deployment 9

A Truly Pedantic Definition 10

Don't Confuse Design Goals with Implementation 12

Rootkit Technology as a Force Multiplier 13

The Kim Philby Metaphor: Subversion Versus Destruction 13

Why Use Stealth Technology? Aren't Rootkits Detectable? 14

1.3 Rootkits != Malware 15

Infectious Agents 15

Adware and Spyware 16

Rise of the Botnets 17

Enter: Conficker 18

Malware Versus Rootkits 18

1.4 Who Is Building and Using Rootkits? 19

Marketing 19

Digital Rights Management 20

It's Not a Rootkit, It's a Feature 20

Law Enforcement 21

Industrial Espionage 22

Political Espionage 23

Cybercrime 24

Who Builds State-of-the-Art Rootkits? 26

The Moral Nature of a Rootkit 26

1.5 Tales from the Crypt: Battlefield Triage 27

1.6 Conclusions 32