Windows Root Kits a Stealthy Threat
Kevin Poulsen, SecurityFocus 2003-03-05

Hackers are using vastly more sophisticated techniques to secretly control the machines they've cracked, and experts say it's just the beginning.

Windows Root Kits a Stealthy Threat 2003-03-05
Anonymous
Anyone found one of these on google yet?...

Windows Root Kits a Stealthy Threat 2003-03-05
Anonymous (1 replies)
Feh. Decent article, but the author blurs the distinction between user mode and kernel mode somewhat. It is possible to implement an effective rootkit without entering into kernel mode. The 'Hacker Defender' rootkit the author mentions does this.

...

Windows Root Kits a Stealthy Threat 2003-03-13
Anonymous
You *can* write a rootkit in user-mode, but it won't be stealthy (compared to kernel-mode). In kernel-mode you have privileged access to the inner workings of Windows. One example (given in the article) is hiding the binaries by intercepting the file I/O API. Another would be achieving network commun...

Hacker Defender and NAV 2003-03-06
Anonymous (2 replies)
KLP wrote:

"Hacker Defender, oddly, is also available for download from CNET Asia ... (SecurityFocus is owned by Symantec)."

Even more oddly, Symantec's Norton AntiVirus 2003 with 3/5/03 definitions does not detect the rootkit in the zip file from CNET Asia or in the extracted files.

...

Hacker Defender and NAV 2003-03-06
Anonymous
been using rootkits for ages as startup files on hidden systems, this is nothing new to the average joe on the FXP scene.....

Hacker Defender and NAV 2003-03-06
Anonymous (1 replies)
McAfee does tho...

Hacker Defender and NAV 2003-03-06
Anonymous (1 replies)
Yeah. McAfee does detect Hacker Defender.

Nice article also, thanks....

Hacker Defender and NAV 2003-03-07
Anonymous
Well, Computer Associates' "InoculateIT" product does not detect it.

The company I work for here bought a 25-user license of this software and I've never seen it detect anything, which is very suspicious.

Time to migrate to McAfee/NAI Total Virus Defence, I've used it before and it seems to do wh...

Windows Root Kits a Stealthy Threat 2003-03-06
TK
Extremely interesting article!! I'd like to see a detailed article about detecting these vulnerabilities....

Windows Root Kits a Stealthy Threat 2003-03-06
Anonymous
Oh NO! The world is ending! While I see this article bringing to light some of the threats against the Windows OS, it (the article) has buckets of FUD poured all over it.

I see more and more of this since Symantec purchased SecurityFocus....

There is a cure, but it's proactive, not reactive. 2003-03-07
Anonymous
This kernel-level security product is patent pending and only allows authenticated code to run on a machine, and has been proven at the U.S. Army Research Labs.

Process Authentication

read more at seventhknight.com...

prevent Root Kits with Authenticated Execution 2003-03-08
Marco
Can't run any root kit when protected by SecureEXE -- check it out at www.securewave.com. FTP your hacking tools to the live test system and give it a go by yourself.

Marco...

Windows Root Kits a Stealthy Threat 2003-03-09
DarkS0rcerer
What seems to me is that you are ignoring a very important flaw in the Windows root kits.. let's say if you hide a folder or a file.. yes, you won't see it, but only if you try to see it with that computer.... but if you use another system to see.. you are going to see that the folder is there...

simple...

Windows Root Kits a Stealthy Threat 2003-03-10
Anonymous
Would the "Depends" tool (from the Win2K resource kit) show a rootkit DLL if it were installed?...

Absolutely probably? 2003-03-12
Anonymous
"I'm absolutely, one hundred percent positive that there's probably..."

Yes, and I'm absolutely 100% positive that it might rain today. Guess I should be a meteorologist, huh?...

Windows Root Kits a Stealthy Threat 2003-03-12
Anonymous
Duh, Windows could easily do this too with a little registry configuration. It's easy for driver BUT...

1) authentication schemes get cracked just like encryption schemes. So eventually virii and worms will fake legitimate authentication. What does that accomplish?

2) many commercial vendors won'...

Windows Root Kits a Stealthy Threat 2003-03-12
Anonymous (1 replies)
I foresee a day when OSes only boot from non-writable media into memory with physical isolation controls preventing alteration after boot (Great Shades of Microsoft!). And there will be no hooks for extensions to system level processes. You'll have to rebuild boot media to add extensions. ...

Windows Root Kits a Stealthy Threat 2003-03-13
Anonymous
SURE!!! Just as soon as OS's stop evolving... ;> They are SOFTware for a reason. If they were static enough, they'd have been bolted into the BIOS already....

Windows Root Kits a Stealthy Threat 2007-01-21
Anonymous
Well, I have been called paranoid and stupid by more security people than I can count, even on those forums where they want to see the files. But what I have seen in all my PCs that got hijacked is more horrible than any file I could reproduce. At least the tech guy at Symantec had the sense to be so...

Copyright 2009, SecurityFocus