Oracle Rootkits 2.0: The Next Generation presented at BlackhatUSA 2006

by Alexander Kornbrust,

Summary : This presentation shows the next (2.) generation of Oracle Rootkits. In the first generation, presented at the Blackhat 2005 in Amsterdam, Oracle Rootkits were implemented by modifying database views to hide users, jobs and sessions.
The next generation presented at the BH USA is using more advanced techniques to hide users/implement backdoors. Modifications on the data dictionary objects are no longer necessary so its not possible to find the new generation of rootkits by checksumming the data dictionary objects.