Book Review: Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
Print Issue: April 2020
By Alex Matrosov, Eugene Rodionov, and Sergey Bratus. No Starch Press; nostarch.com; 448 pages; $49.95.
The term “walking pneumonia” is a nonmedical term for a mild case of pneumonia. People can walk around, oblivious to the problem deep within their bodies. But even with a bland name like walking pneumonia, it’s still a serious disease that can have devastating effects.
Similarly, there are firms whose networks are filled with malware, yet they remain oblivious to it. In Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats, authors Alex Matrosov, Eugene Rodionov, and Sergey Bratus create a highly technical guide that can help organizations get a handle on this information security scourge.
A rootkit is malicious software that gives an attacker access to a computer that it should not have access to. Similarly, a bootkit is another type of malicious infection, but it targets the master boot record (MBR). Access to the MBR enables the bootkit to be loaded before Windows, and thus go undetected by Windows security.
Rootkits and bootkits are often written by sophisticated adversaries who make them difficult to detect and remove. The book will help the IT department cope with the malicious software.
The average Security Management reader may not be familiar with the programming code in the book, but there are descriptions and case studies that can help them understand the problem. This deep reference, jam-packed with code and technical information, will support an engineer or system administrator tasked with putting these vulnerabilities in their place.
Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is a senior information security specialist with Tapad, Inc.