Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Rootkit info and detection apps

 
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 25 Nov 2014
Posts: 10335
Location: at the beach

Posted: Tue Nov 08, 2005 11:45 pm    Post subject: Rootkit info and detection apps

Since rootkits are in the news recently, and a lot of people don't know much, if anything, about rootkits, I thought I'd post some info and a list of rootkit detection apps.

Basic Information

Quote:

Definitions:

from: TechTarget ~ rootkit
http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_gci547279,00.html

Quote:
A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a hacker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.


Other excellent articles here with a lot more detailed technical information:

Wikipedia: Rootkit
http://en.wikipedia.org/wiki/Rootkit

What are user-mode vs. kernel-mode rootkits?
http://searchwindowssecurity.techtarget.com/originalContent/0,289142,sid45_gci1086469,00.html

Rootkits in the Wild

In anti-spyware forums like this one, rootkit technology is sometimes found with spyware and/or trojans, backdoors and RATs (remote access tools). One spyware company, Enternet Media, has been documented to use rootkit technology to hide the presence of their spyware. Enternet Media is the company responsible for SearchMiracle/Elitebar spyware.

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090724
http://www.f-secure.com/v-descs/elitebar.shtml

A screenshot of a rootkit revealer log showing Elitetoolbar can be seen in this link:

http://netrn.net/spywareblog/archives/2005/10/12/whos-your-daddy/

Note: the Federal Trade Commission shut down the company behind Elitetoolbar in Nov. 2005:

http://www.ftc.gov/opa/2005/11/enternet.htm

Another adware/spyware company notorious for using rootkits to protect its software exited the adware market at the start of 2006:

http://www.techweb.com/showArticle.jhtml?articleID=187202232

Rootkits have been found on machines with Rbot and SDbot and keyloggers.

http://www.dslreports.com/forum/remark,14493487
http://www.dslreports.com/forum/remark,13680927
http://spywarewarrior.com/viewtopic.php?t=16103

Presumably the rootkit is used to hide the trojans which can be used by the attacker to take total control of a machine while the keyloggers transmit information back to the attackers including passwords and data from the infected machine. An ugly situation at best. In cases like this I think the safest thing for a user to do is format and reinstall because there is no way to tell how severely the machine has been compromised and what dangers may lurk inside, even if the trojans and rootkit files are removed, if they can even be removed.

Here's an example where format and reinstall was advised on a severely compromised network computer:
http://spywarewarrior.com/viewtopic.php?t=16273


Applications

Here's a list of rootkit detection apps, copied from Eric Howes' website ( http://www.spywarewarrior.com/uiuc/soft5.htm#rootkit ):

Quote:

Aries Rootkit Remover (Lavasoft)
http://www.lavasoftusa.com/software/rootkit/

Archon Scanner
http://x-solve.com/blog/

Anti-Hook
http://www.security.org.sg/code/antihookexec.html

AVG Anti-Rootkit Beta
http://beta.grisoft.cz/beta/

Avira Rootkit Detection Beta
http://betatest.avira.com/beta/index.php?lang=en

BitDefender RootKit Uncover Beta
http://beta.bitdefender.com/login.php

Blacklight
http://www.f-secure.com/blacklight/

DarkSpy
http://www.fyyre.net/~cardmagic

GMER
http://www.gmer.net/

Helios
http://helios.miel-labs.com/

HiddenFinder
http://www.wenpoint.com/download/download.php

HookAnalyzer
http://www.resplendence.com/hookanalyzer

HookExplorer
http://labs.idefense.com/labs-software.php?show=19

IceSword
http://xfocus.net/tools/200505/1032.html

InvisibleThings.org
http://invisiblethings.org/tools.html

Microsoft - Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx
or http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Process Master
http://www.backfaces.com/download/

RKDetector
http://www.rkdetector.com/

RKUnHooker
http://www.rkunhooker.narod.ru/
or http://www.sysinternals.com/Forum/forum_posts.asp?TID=962&PN=1&TPN=5

Rootkit Hook Analyzer
http://www.resplendence.com/hookanalyzer

RootkitRevealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html

RootKitShark
http://www.advances.com/software/rootkitshark.htm

Sophos Anti-Rootkit
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

UnHackMe
http://www.greatis.com/unhackme/index.html

Last Updated: 27 Aug. 2006


Note these tools should be used with the guidance of an experienced malware removal expert or advanced user. Some anti-spyware apps have added rootkit detection, Spy Sweeper for one, and there may be others I'm not aware of yet.

More Information

Quote:

Other sites for rootkit information:

Microsoft Research (Strider)
http://research.microsoft.com/rootkit/

Microsoft webcast on rootkits:
http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032274950&EventCategory=5&culture=en-US&CountryCode=US

Rootkits in the news:
http://www.eweek.com/article2/0,1759,1816972,00.asp
http://www.eweek.com/article2/0,1759,1829744,00.asp
http://www.eweek.com/article2/0,1895,1841266,00.asp
http://www.eweek.com/article2/0,1895,1896605,00.asp
http://www.eweek.com/article2/0,1895,1912303,00.asp
http://www.eweek.com/article2/0,1895,1936666,00.asp
http://www.eweek.com/article2/0,1895,1945808,00.asp
http://www.eweek.com/article2/0,1895,1983037,00.asp
http://news.com.com/2100-7349_3-6061878.html

AIM worm drops rootkit and more:
http://blogs.zdnet.com/Spyware/?p=687

Sony's DRM rootkit:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
http://www.sysinternals.com/blog/2005_11_01_archive.html
http://www.techreview.com/read_article.aspx?id=16812&ch=biztech

PestPatrol will detect and remove Sony's rootkit:
http://blogs.zdnet.com/Spyware/?p=698
Pest Patrol may not properly remove XCP rootkit, see this post for more info

Microsoft Removal of XCP rootkit (called WinNT/F4IRootkit by them)
http://blogs.technet.com/antimalware/archive/2005/11/17/414741.aspx

Windows rootkits come of age (intv. w/ Hoglund & Butler)
http://www.securityfocus.com/columnists/358

VirusList: Rootkits and how to combat them
http://www.viruslist.com/en/analysis?pubid=168740859

Windows Rootkits of 2005 (3 parts):
http://www.securityfocus.com/infocus/1850
http://www.securityfocus.com/infocus/1851
http://www.securityfocus.com/infocus/1854

Debating the legitimacy & definition of rootkits:
http://insight.zdnet.co.uk/0,39020415,39237277-1,00.htm
http://sunbeltblog.blogspot.com/2005/11/rootkits-are-not-acceptable-under-any.html
http://www.eweek.com/article2/0,1895,1910077,00.asp
http://www.eweek.com/article2/0,1895,1910240,00.asp
http://www.pcworld.com/resource/article/0,aid,124365,pg,1,RSS,RSS,00.asp
http://www.sysinternals.com/blog/2006/01/rootkits-in-commercial-software.html
http://www.rootkit.com/newsread.php?newsid=504

The "Blue Pill" Controversy
http://www.networkworld.com/news/2006/080406-microsoft-blue-pill.html
http://sunbeltblog.blogspot.com/2006/08/little-blue-pill-big-black-hat.html
http://www.virtualization.info/2006/08/debunking-blue-pill-myth.html

The ultimate rootkit site:
http://www.rootkit.com/

The ultimate anti-rootkit site:
http://www.antirootkit.com/

CastleCops forum: Rootkit Revelations
http://www.castlecops.com/f233-Rootkit_Revelations.html

Rootkit Research: InvisibleThings
http://www.invisiblethings.org/

Last Updated: 13 Aug. 2006


Anyone who finds this helpful is welcome to post it at their own site or other sites. A link back here would be nice. Smile
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile


Last edited by suzi on Fri Nov 18, 2005 10:01 am; edited 2 times in total
BillB
Junior Member


Joined: 25 Sep 2004
Last Visit: 05 Nov 2013
Posts: 10
Location: Right in the Middle of the USA

Posted: Wed Nov 09, 2005 8:37 am

Great consolidated reference, Suzi - Thanks.
hornet777
Warrior Guru


Joined: 28 Oct 2005
Last Visit: 20 Oct 2009
Posts: 458

Posted: Wed Nov 09, 2005 1:03 pm

I'll second that on both counts, suzi. Very Happy
BillB
Junior Member


Joined: 25 Sep 2004
Last Visit: 05 Nov 2013
Posts: 10
Location: Right in the Middle of the USA

Posted: Wed Nov 09, 2005 2:34 pm

Here is Slashdot.org's list of affected Sony/BMG disks.
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 21 Sep 2014
Posts: 3913
Location: California

Posted: Fri Nov 18, 2005 1:06 am

Updated link on Sony Rootkit from The sysinternal main blog page to the 1st blog post on it

Added disclaimer to Computer Associates removal of rootkit. According to Mark R all of the AV companies that remove the XCP rootkit don't actually remove it but only decloak the Aries.sys driver. The method of removal is not recommended by him.

Quote:
Unfortunately, there has been some confusion with regard to the level of cleaning that antivirus (AV) companies are providing for the rootkit. Some articles imply that AV companies remove all of the Sony DRM software in the cleaning process, but they are in fact only disabling and removing the Aries.sys driver that implements the rootkit cloaking functionality. Unfortunately, all of the AV cleaners I’ve looked at disable it improperly by unloading it from memory - the same way Sony’s patch behaves - which as I noted previously, introduces the risk of a system crash. While they post disclaimers on their web sites to that effect, they should use the safe alternative that I described a couple of posts ago, which is to delete the rootkit’s registration from Windows so that it won’t activate when Windows boots:
See this post for more info.

Added link for Microsoft removal of XCP rootkit. Microsoft Antispyware with November 17th update numbered 5777 will detect and remove the rootkit. It may take more than one scan to do so, but it will remove all of the rootkit. The DRM software will remain, but no rootkit.
Munch
Warrior


Joined: 07 Mar 2005
Last Visit: 23 Mar 2007
Posts: 68

Posted: Fri Nov 18, 2005 7:53 am

Found this while digging. It's an excellent article and a must read for anyone interested in rootkits, it also complements Suzi's article nicely.
It talks a lot about how rootkits work, how not all rootkits are bad, how new ones are hiding, some of the tools available today and how they work against rootkits. I found it particularly interesting at the end of the article it discusses how new ones are attaching themselves to video memory. Never thought I would have to throw away a video card because it was infected with something.

The article is entitled "Why rootkits mean you must nuke your machine" from ZDNetUK. Here is the article.
_________________
Munch
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 25 Nov 2014
Posts: 10335
Location: at the beach

Posted: Sat Nov 19, 2005 1:11 am

I've started a series on rootkits at Spyware Confidential blog.

http://blogs.zdnet.com/Spyware/?p=706

Munch, I wrote some comments there about the article you refer to. I agree that it's a good article but there's one thing I really disagree with in there.

You'll have to read my blog at ZDNet to see more... Smile

Edit to add: This is good reading about the ZDNet article too.

http://sunbeltblog.blogspot.com/2005/11/rootkits-are-not-acceptable-under-any.html
Munch
Warrior


Joined: 07 Mar 2005
Last Visit: 23 Mar 2007
Posts: 68

Posted: Sat Nov 19, 2005 7:07 am

I read your blog entry Suzi, as well as the article on Sunbelt and yes I do agree that if a rootkit is disclosed then by definition it really isn't a rootkit at all. I wasn't trying to downgrade the seriousness of the situation, but merely pointing out that the article on ZDNet.uk shows yet another opinion from a slightly obscure point of view. I think I might have been misunderstood. This is why in my post I said it complements your article nicely (I meant your ZDNet blog entry). It does go a little more into depth on a rootkit which is why I posted it for people wanting to learn more, that was all. Wink
Sorry for the confusion.
Very Happy
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 25 Nov 2014
Posts: 10335
Location: at the beach

Posted: Sat Nov 19, 2005 2:03 pm

No problem, I probably wasn't clear on my last post. I think the ZDNet article is excellent, too, and has some great info.

But I still highly disagree with the thought that "a rootkit isn't a rootkit if disclosed". The fact that it's disclosed doesn't change the risk factors associated with it. I honestly can't think of a situation where the use of a rootkit would be acceptable even if disclosed. It brings up a lot of issues - what about consent? Do we want to de-sensitize users to the implications of using a rootkit?

I think this is a great topic for more discussion and I'd like to know what others think.
Munch
Warrior


Joined: 07 Mar 2005
Last Visit: 23 Mar 2007
Posts: 68

Posted: Sat Nov 19, 2005 2:35 pm

I agree no rootkit is acceptable, however I also think that catching Sony in the act was by chance, how many other companies have done something similar that we don't know about? And what is stopping others or our own government from using the same technology to monitor us, if they haven't already.
Any government officials reading that last comment pay no attention to it and disregard it Wink

Crap, now I have to do a scan for rootkits.
FBJ
Newbie


Joined: 20 Feb 2004
Last Visit: 25 Dec 2005
Posts: 1

Posted: Sun Nov 20, 2005 1:39 pm

Thank you suzi for making this fine resource. I still haven't read it all - you know, one link leads to another etc.

Can I suggest you add RootKitty to the list of tools. Strider Ghostbuster is mentioned in one of your links (http://research.microsoft.com/rootkit/) and especially the technique of comparing scans from inside and outside the box is explained and highlighted as the way ahead. Rootkitty is part of UBCD4Win and using this you are able to do exactly the same - do a Windows scan from inside the box, do a PE-scan from outside the box and compare the two. Rootkitty only scans for files (not registry) since the author finds that deleting the files will bring the rest out in the open but still it does a good job. Rootkitty is a work in progress as I understand it - version is 1.x.

http://www.ubcd4win.com
http://tinyurl.com/93frf (the rootkitty forum)

I realize that it's somewhat cumbersome to build a UBCD4Win and that it doesn't provide a one-click solution from inside Windows, but it seems to be a relevant technique.

Cheers
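The inside/outside comparison described in the post above can be sketched as follows. This is an added example, not code from Rootkitty, UBCD4Win or Strider GhostBuster; the `path|size` listing format, the noise list and every file name in the sample data are assumptions constructed for illustration.

```python
import fnmatch
from pathlib import PureWindowsPath

# Paths expected to differ between a live scan and an offline scan.
# Assumed noise list for this example; extend it for the machine being checked.
VOLATILE = [r"\pagefile.sys", r"\hiberfil.sys", r"\windows\temp\*",
            r"\windows\prefetch\*", r"\system volume information\*"]

# Constructed listings, one "path|size" entry per line ("|" cannot occur in a
# Windows file name). INSIDE comes from the running, untrusted Windows;
# OUTSIDE comes from the same disk read after booting trusted PE media.
INSIDE = r"""
C:\WINDOWS\system32\kernel32.dll|984064
C:\WINDOWS\system32\drivers\tcpip.sys|359040
C:\pagefile.sys|805306368
C:\WINDOWS\Temp\scan.tmp|120
C:\Documents and Settings\user\notes.txt|2048
"""
OUTSIDE = r"""
D:\WINDOWS\system32\kernel32.dll|984064
D:\WINDOWS\system32\drivers\tcpip.sys|359040
D:\WINDOWS\system32\drivers\example_cloak.sys|20480
D:\WINDOWS\system32\example_svc.exe|61440
D:\pagefile.sys|805306368
D:\WINDOWS\Prefetch\NOTEPAD.EXE-1234.pf|9000
D:\Documents and Settings\user\notes.txt|4096
"""


def normalize(path):
    """Strip the drive letter and fold case so both views share one key."""
    p = PureWindowsPath(path.strip())
    parts = p.parts[1:] if p.anchor else p.parts
    return ("\\" + "\\".join(parts)).lower()


def parse_listing(text):
    """Parse 'path|size' lines into {normalized_path: (original_path, size)}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, sep, size = line.rpartition("|")
        if not sep:                      # line without a size column
            path, size = line, ""
        size = int(size) if size.strip().isdigit() else None
        entries[normalize(path)] = (path.strip(), size)
    return entries


def is_volatile(key):
    """True for paths that normally change between the two scans."""
    return any(fnmatch.fnmatchcase(key, pat) for pat in VOLATILE)


def cross_view(inside_text, outside_text):
    """Report files only the offline view sees, and files whose size differs."""
    inside = parse_listing(inside_text)
    outside = parse_listing(outside_text)
    hidden, resized = [], []
    for key, (path, size) in sorted(outside.items()):
        if is_volatile(key):
            continue
        if key not in inside:
            hidden.append(path)          # present on disk, absent from live view
        elif None not in (size, inside[key][1]) and size != inside[key][1]:
            resized.append((path, inside[key][1], size))
    return {"hidden": hidden, "size_mismatch": resized}


if __name__ == "__main__":
    report = cross_view(INSIDE, OUTSIDE)
    for path in report["hidden"]:
        print("visible only from outside:", path)
    for path, live, offline in report["size_mismatch"]:
        print(f"size differs: {path} live={live} offline={offline}")
```

Entries under `hidden` are leads for manual review, not verdicts: a file created between the two scans shows up there as well.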
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 25 Nov 2014
Posts: 10335
Location: at the beach

Posted: Tue Dec 06, 2005 9:58 pm    Post subject: What does a rootkit look like?

Blogged here:

http://blogs.zdnet.com/Spyware/?p=717

Hint - it's a trick question.
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 25 Nov 2014
Posts: 10335
Location: at the beach

Posted: Wed Dec 14, 2005 11:46 pm

Another blog post on rootkits:

http://blogs.zdnet.com/Spyware/index.php?p=725
physics223
Junior Member


Joined: 24 May 2005
Last Visit: 15 May 2010
Posts: 39

Posted: Fri Jan 20, 2006 8:13 am

Now Sony's rootkit is evil. Not only is it insidious, it also can't be uninstalled the easy way. To go this far to prevent piracy? To use subterfuge to protect its money?

Damn. This HAS gone too far.
fcukdat
Warrior Addict


Joined: 01 Jan 2005
Last Visit: 08 Apr 2009
Posts: 757
Location: Yeovil,England.

Posted: Sun Jan 22, 2006 7:28 am

IMO Once a PC is suspected or confirmed as having RK(s) installed then the only way to ever guarantee the PC's integrity again is to reformat & reinstall.
Since it has been shown that even finding these nasty little cloaks and removing them runs the risk of borking your 'puter Sad

IMO best way to deal with RK's is not to let them install in the first place in order to have to deal with them and their potential payloads. Here are 2 softwares that are both very capable of stopping them dead in their tracks before they go live if used properly Smile

BoClean>>>
http://www.nsclean.com/boclean.html

Process Guard>>>
http://www.diamondcs.com.au/processguard/
_________________
Malware hunter....Got Bot ?

MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html
fcukdat
Warrior Addict


Joined: 01 Jan 2005
Last Visit: 08 Apr 2009
Posts: 757
Location: Yeovil,England.

Posted: Sun Feb 05, 2006 2:33 am

Cool With regards to the Sony BMG RK only and its uninstallation etc I've found this excellent writeup (blog entry) by the Lavasoft employee who wrote their "Aries" RK removal tool>>>
http://www.lavasoft.de/wordpress/?p=57

Evil or Very Mad The researcher highlights the problem ahead when the malware authors start properly coding their RK's etc and also the risks involved when removing RK's Crying or Very sad
Oldfrog
Site Admin


Joined: 08 Aug 2004
Last Visit: 09 Feb 2013
Posts: 1161
Location: Hewitt, TX

Posted: Sun Jul 23, 2006 9:18 am

A good set of articles on rootkits.

Windows rootkits of 2005, part one
This three-part article series looks at Windows rootkits in depth. Part one discusses what a rootkit is and what makes them so dangerous, by looking at various modes of execution and how they talk to the Windows kernel.
By: James Butler, Sherri Sparks 2005-11-04
http://www.securityfocus.com/infocus/1850


Windows rootkits of 2005, part two
This three-part article series looks at Windows rootkits in depth. Part two focuses on the latest cutting edge rootkit technologies that are used to hide malicious code from security scanners.
By: James Butler, Sherri Sparks 2005-11-17
http://www.securityfocus.com/infocus/1851


Windows rootkits of 2005, part three
The third and final article in this series explores five different rootkit detection techniques used to discover Windows rootkit deployments. Additionally, nine different tools designed for administrators are discussed.
By: James Butler, Sherri Sparks 2006-01-05
http://www.securityfocus.com/infocus/1854
Moore
Moderator


Joined: 31 May 2004
Last Visit: 16 Jun 2014
Posts: 758
Location: °°.MooreLand.°°

Posted: Tue Aug 01, 2006 7:12 am

A few more links Smile

Rootkit evasiveness: malware's best friend, Windows' worst enemy :
http://www.agnitum.com/news/securityinsight/issues/july2006

What are user-mode vs. kernel-mode rootkits:
http://searchwindowssecurity.techtarget.com/originalContent/0,289142,sid45_gci1086469,00.html

http://www.antirootkit.com/

Bit more info in last post here :
http://www.spywarewarrior.com/viewtopic.php?t=10027
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 25 Nov 2014
Posts: 10335
Location: at the beach

Posted: Wed Aug 23, 2006 8:35 am

CastleCops has a rootkit forum with a lot of information.

http://www.castlecops.com/f233-Rootkit_Revelations.html
fcukdat
Warrior Addict


Joined: 01 Jan 2005
Last Visit: 08 Apr 2009
Posts: 757
Location: Yeovil,England.

Posted: Sun Sep 10, 2006 12:41 am

Rootkits for the beginner article @CC

http://wiki.castlecops.com/Rooting_Out_the_Dangers:_Rootkit_Removal_for_Beginners

Now there's a contradiction in terms although the science is somewhat simplified in the article.

I'm still standing by the theory that if a RK is suspected then the system needs reinstalling to undo all possible issues.

It's apparent that all the anti RK softwares are in the same boat as the definition based vendors in the sense that every time a new flavour (family) of rootkits are spawned they're having to rewrite their software routines and release upgraded software in order to keep up with emerging threats.

The best possible way to deal with rootkits is not to let them install in the first place (proactive prevention) as opposed to relying on software to undo damage once the rootkit has embedded on the 'puter.
kao321
Warrior


Joined: 26 May 2006
Last Visit: 14 Dec 2007
Posts: 183

Posted: Sat Oct 28, 2006 8:08 pm

According to McAfee SiteAdvisor, the website you download IceSword at has downloads that have adware or something in them.

Here is a description:

http://www.siteadvisor.com/sites/xfocus.net?ref=safesearch&aff_id=0&suite=false

I'm not sure if this is true, but Spywarewarrior Staff should check it out. Wink
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 25 Nov 2014
Posts: 10335
Location: at the beach

Posted: Sun Oct 29, 2006 10:59 am

kao321,

I believe this comment on the page is correct:

Quote:
xfocus.net is a security-related website, so sometime you may expect to see some so-called "unwanted programs" which are actually benign security softwares. -yiming


SiteAdvisor has red-flagged a number of security related websites, sometimes due to links in HijackThis logs, in fact. There is a discussion about it here somewhere.
EASTER
Warrior


Joined: 08 Mar 2005
Last Visit: 01 Feb 2007
Posts: 220
Location: Far Moon Of Endor

Posted: Sun Oct 29, 2006 7:07 pm

Nice informative heads up. Stealth programmers are pressing students to invent more methods yet to be passed around be it for study or confiscated from the web by the less scrupulous who take them and make a mix of malware they want to conceal for web/program releases.
_________________
*******************


THE FORCE IS VERY STRONG IN THIS FAMILY!

nx42qr7
Warrior


Joined: 22 Apr 2007
Last Visit: 08 Sep 2014
Posts: 86

Posted: Sat Apr 28, 2007 7:26 am

The alarming nature that a rootkit conjures is not entirely misleading. There is a very capable explanation and presentation broadcast dated for October 13, 2005 - Series Entitled - Security Now! Episode: #9 - "Rootkits" Speakers: Steve Gibson & Leo Laporte Source File: http://media.GRC.com/sn/SN-009.mp3 File Archive: http://www.GRC.com/securitynow.htm. This information was not only informative it allowed for the need to know that much more. If any are interested there is a book entitled "Subverting the Windows Kernel - Rootkits" by Greg Hoglund and James Butler published by Addison Wesley. A mild idea from chapter 3, The Hardware Connection - "One Ring to rule them all, One ring to find them, One ring to bring them all and in the darkness bind them." - The Fellowship of the Ring, J.R.R. Tolkien
All times are GMT - 8 Hours