Chapter 1
01010010, 01101111, 01101111, 01110100, 01101001, 01110100, 01110011, 00100000, 01000011, 01000000
Empty Cup Mind
So here you are; bone dry and bottle empty. This is where your path begins.
Just follow the yellow brick road, and soon we'll be face to face with Oz, the
great and terrible. In this chapter, we'll see how rootkits fit into the greater
scheme of things. Specifically, we'll look at the etymology of the term "rootkit,"
how this technology is used in the basic framework of an attack cycle,
and how it's being used in the field. To highlight the distinguishing characteristics
of a rootkit, we'll contrast the technology against several types of
malware and dispel a couple of common misconceptions.
1.1 An Uninvited Guest
A couple of years ago, a story appeared in the press about a middle-aged man
who lived alone in Fukuoka, Japan. Over the course of several months, he noticed
that bits of food had gone missing from his kitchen. This is an instructive
lesson: If you feel that something is wrong, trust your gut.
So, what did our Japanese bachelor do? He set up a security camera and
had it stream images to his cell phone.¹ One day his camera caught a picture
of someone moving around his apartment. Thinking that it was a thief, he
called the police, who then rushed over to apprehend the burglar. When the
police arrived, they noticed that all of the doors and windows were closed
and locked. After searching the apartment, they found a 58-year-old woman
named Tatsuko Horikawa curled up at the bottom of a closet. According to
the police, she was homeless and had been living in the closet for the better
half of a year.
The woman explained to the police that she had initially entered the man's
house one day when he left the door unlocked. Japanese authorities suspected
that the woman only lived in the apartment part of the time and that she had
been roaming between a series of apartments to minimize her risk of being
1. "Japanese Woman Caught Living in Man's Closet," China Daily, May 31, 2008.