Abstract
The arms race between malware developers and the anti-malware community reached a new level. Countermeasures for kernel level [60], hypervisor-based [77], and system management mode based malware [49] were proposed [25, 51, 107].
In God We Trust; All Others We Monitor.
Motto of the Air Force Technical Application Center,
Part of the Air Force Intelligence,
Surveillance and Reconnaissance Agency
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
These devices can act as bus masters, see Sect. 2.5.
- 2.
See http://www.hex-rays.com/products/ida/index.shtml [accessed 25 February 2014].
- 3.
See http://msdn.microsoft.com/en-us/windows/hardware/gg462988 [accessed 25 February 2014].
- 4.
See http://www.wireshark.org/ [accessed 25 February 2014].
- 5.
See http://www.emsisoft.com/en/software/mamutu/ [accessed 25 February 2014].
- 6.
We used the Performance API, that is available at http://icl.cs.utk.edu/papi/software/index.html [accessed 25 February 2014], to work with HPC in the described experiment.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Stewin, P. (2015). Study of a Stealthy, Direct Memory Access Based Malicious Software. In: Detecting Peripheral-based Attacks on the Host Memory. T-Labs Series in Telecommunication Services. Springer, Cham. https://doi.org/10.1007/978-3-319-13515-1_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-13515-1_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13514-4
Online ISBN: 978-3-319-13515-1
eBook Packages: EngineeringEngineering (R0)