{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,26]],"date-time":"2026-04-26T01:35:17Z","timestamp":1777167317445,"version":"3.51.4"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319205496","type":"print"},{"value":"9783319205502","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-20550-2_2","type":"book-chapter","created":{"date-parts":[[2015,6,22]],"date-time":"2015-06-22T01:55:06Z","timestamp":1434938106000},"page":"25-45","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["\u201cNice Boots!\u201d - A Large-Scale Analysis of Bootkits and New Ways to Stop Them"],"prefix":"10.1007","author":[{"given":"Bernhard","family":"Grill","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrei","family":"Bacs","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"Platzer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Herbert","family":"Bos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,6,23]]},"reference":[{"key":"2_CR1","unstructured":"Plite bootkit. http:\/\/labs.bitdefender.com\/2012\/05\/plite-rootkit-spies-on-gamers\/"},{"key":"2_CR2","unstructured":"BIOS Rootkit: Welcome home, my Lord! (2007). http:\/\/blog.csdn.net\/icelord\/article\/details\/1604884"},{"key":"2_CR3","unstructured":"Backdoor.pihar, (2011). http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2011-120817-1417-99& tabid=2"},{"key":"2_CR4","unstructured":"Finfisher malware dropper analysis, (2014). https:\/\/www.codeandsec.com\/FinFisher-Malware-Dropper-Analysis"},{"key":"2_CR5","unstructured":"Aditya, S., Rohit, B.: Prosecting the citadel botnet revealing the dominance of the zeus descendent. In: VB (2014)"},{"key":"2_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1007\/978-3-642-37300-8_9","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Bacs","year":"2013","unstructured":"Bacs, A., Vermeulen, R., Slowinska, A., Bos, H.: System-level support for intrusion recovery. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 144\u2013163. Springer, Heidelberg (2013)"},{"key":"2_CR7","unstructured":"Bayer, U., Habibi, I., Balzarotti, D., Kirda, E., Kruegel, C.: A view on current malware behaviors. In: USENIX LEET (2009)"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Bayer, U., Kirda, E., Kruegel, C.: Improving the efficiency of dynamic malware analysis. In: ACM SAC (2010)","DOI":"10.1145\/1774088.1774484"},{"key":"2_CR9","unstructured":"Bayer, U., Kruegel, C., Kirda, E.: Ttanalyze: A tool for analyzing malware. In: EICAR 2006 (2006)"},{"key":"2_CR10","unstructured":"Dela Paz, R.: ZeuS Source Code Leaked, Now What? (2013). http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/the-zeus-source-code-leaked-now-what\/"},{"key":"2_CR11","unstructured":"Eugene Rodionov, D.H., Matrosov, A.: Bootkits: Past, Present and Future. In: VB Conference (2014)"},{"key":"2_CR12","unstructured":"Gao, H., Li, Q., Zhu, Y., Wang, W., Zhou, L.: Research on the working mechanism of bootkit. In: ICIDT (2012)"},{"key":"2_CR13","unstructured":"Giuliani, M.: Mebromi: the first bios rootkit in the wild, (2011). http:\/\/www.webroot.com\/blog\/2011\/09\/13\/mebromi-the-first-bios-rootkit-in-the-wild\/"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Grill, B., Platzer, C., Eckel, J.: A practical approach for generic bootkit detection and prevention. In: EUROSEC (2014)","DOI":"10.1145\/2592791.2592795"},{"key":"2_CR15","unstructured":"Haukli, L.: Exposing bootkits with bios emulation. Black Hat US (2014)"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Hu, X., Chiueh, T.-C., Shin, K.G.: Large-scale malware indexing using function-call graphs. In: ACM CCS (2009)","DOI":"10.1145\/1653662.1653736"},{"key":"2_CR17","unstructured":"Kaspersky Lab. Equation group: Questions and answers, (2015). https:\/\/securelist.com\/files\/2015\/02\/Equation_group_questions_and_answers.pdf"},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"King, S.T., Chen, P.M., Wang, Y.-M., Verbowski, C., Wang, H.J., Lorch, J.R.: Subvirt: Implementing malware with virtual machines. In: IEEE S&P (2006)","DOI":"10.1109\/SP.2006.38"},{"key":"2_CR19","unstructured":"Kirat, D., Vigna, G., Kruegel, C.: Barecloud: bare-metal analysis-based evasive malware detection. In: USENIX Security (2014)"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Kolbitsch, C., Kirda, E., Kruegel, C.: The power of procrastination: detection and mitigation of execution-stalling malicious code. In: ACM CCS (2011)","DOI":"10.1145\/2046707.2046740"},{"key":"2_CR21","unstructured":"Krebs, B.: Carberp source code leak, (2013). https:\/\/krebsonsecurity.com\/tag\/carberp-source-code-leak\/"},{"key":"2_CR22","unstructured":"Lanzi, A., Sharif, M.I., Lee, W.: K-tracer: A system for extracting kernel malware behavior. In: NDSS (2009)"},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Li, X., Wen, Y., Huang, M., Liu, Q.: An overview of bootkit attacking approaches. In: MSN (2011)","DOI":"10.1109\/MSN.2011.19"},{"key":"2_CR24","unstructured":"Matrosov, A.: ESET - Rovnix bootkit framework updated, (2012). http:\/\/www.welivesecurity.com\/2012\/07\/13\/rovnix-bootkit-framework-updated"},{"key":"2_CR25","unstructured":"Microsoft. Kernel Patch Protection. http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/Dn613955"},{"key":"2_CR26","unstructured":"MSDN. Driver Signing. http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/ff544865(v=vs.85).aspx"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Neugschwandtner, M., Platzer, C., Comparetti, M., Bayer, U.: Danubis-dynamic device driver analysis based on virtual machine introspection. In: DIMVA (2010)","DOI":"10.1007\/978-3-642-14215-4_3"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., Slowinska, A., Bos, H.: Argos: an emulator for fingerprinting zero-day attacks. In: EuroSys (2006)","DOI":"10.1145\/1217935.1217938"},{"key":"2_CR29","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Information Security","author":"T Raffetseder","year":"2007","unstructured":"Raffetseder, T., Kruegel, C., Kirda, E.: Detecting system emulators. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 1\u201318. Springer, Heidelberg (2007)"},{"key":"2_CR30","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Recent Advances in Intrusion Detection","author":"R Riley","year":"2008","unstructured":"Riley, R., Jiang, X., Xu, D.: Guest-transparent prevention of kernel rootkits with VMM-based memory shadowing. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 1\u201320. Springer, Heidelberg (2008)"},{"key":"2_CR31","unstructured":"Ross, S.: Overview of bios rootkits, (2013). https:\/\/tuftsdev.github.io\/DefenseOfTheDarkArts\/students_works\/final_project\/rschlaikjer.pdf"},{"key":"2_CR32","doi-asserted-by":"crossref","unstructured":"Rossow, C., Andriesse, D., Werner, T., Stone-Gross, B., Plohmann, D., Dietrich, C.J., Bos, H.: Sok: P2pwned-modeling and evaluating the resilience of peer-to-peer botnets. In: IEEE S&P (2013)","DOI":"10.1109\/SP.2013.17"},{"key":"2_CR33","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Bos, H., Cavallaro, L., Van Steen, M., Freiling, F.C. , Pohlmann, N.: Sandnet: Network traffic analysis of malicious software. In: BADGERS (2011)","DOI":"10.1145\/1978672.1978682"},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Kreibich, C., Grier, C., Paxson, V., Pohlmann, N., Bos, H., van Steen, M.: Prudent Practices for Designing Malware Experiments: Status Quo and Outlook. In: IEEE S&P (2012)","DOI":"10.1109\/SP.2012.14"},{"key":"2_CR35","unstructured":"Rusakov, V., Golovanov, S.: Attacks before startup, (2014). http:\/\/securelist.com\/blog\/research\/63725\/attacks-before-system-startup\/"},{"key":"2_CR36","unstructured":"Sean, B.: First zeus, now spyeye. https:\/\/www.damballa.com\/first-zeus-now-spyeye-look-the-source-code-now\/"},{"key":"2_CR37","unstructured":"White, S.R., Kephart, J.O., Chess, D.M.: Computer viruses: A global perspective. In: Virus Bulletin International Conference (1995)"},{"key":"2_CR38","doi-asserted-by":"crossref","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using cwsandbox. In: IEEE S&P (2007)","DOI":"10.1109\/MSP.2007.45"},{"key":"2_CR39","unstructured":"Wojtczuk, R., Tereshkin, A.: Attacking intel bios. In: BlackHat US (2009)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-20550-2_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,8]],"date-time":"2023-02-08T12:54:06Z","timestamp":1675860846000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-20550-2_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319205496","9783319205502"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-20550-2_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"23 June 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}