by moyix
3618 days ago
Once a rootkit is installed, it can completely bypass system call monitors in all sorts of ways – communicating with a kernel component via a shared user/kernel memory page, or adding a new device and communicating using custom ioctls, or "backdooring" an existing system call when some userland parameter is set to a magic value, or ... I am not at all confident that one could find such malware without human intervention.