A rootkit may be used to conceal digital rights management (DRM) software, which is installed on consumers' computers to prevent unauthorized copying. To prevent unauthorized users from deleting the DRM software by using anti-rootkit tools to remove the rootkit, we develop a new driver-hidden rootkit to strengthen digital rights management in this paper. The proposed driver-hidden rootkit is constructed using the technique of DKOM (Direct Kernel Object Manipulation), and we have verified that it can successfully avoid a variety of well-known rootkit detectors. Our contributions are twofold. First, the proposed rootkit technology can be used to extend the protection of the DRM software. Second, the stealth tricks of the proposed driver-hidden rootkit can be a great inspiration to defenders who need to effectively strengthen the legitimate uses.
Date of Publication: May 2012