RootKit Detection Tools and Utilities

[optikl]

With multiple developers jumping on the bandwagon to come up with detection
tools, I'm just curious: how big a problem or prevalent are rootkits? I'm
asking because I don't know.

 

[Frederic Bonroy]

optikl a écrit :

With multiple developers jumping on the bandwagon to come up with detection
tools, I'm just curious: how big a problem or prevalent are rootkits? I'm
asking because I don't know.

It looks to me, and it seems like it's not just my opinion, that current
rootkits are essentially rehashed stealth. There is an entire book
dedicated to rootkits and stealth (Hoglund and Butler's "Rootkits") that
describes stealth techniques in detail. It's very technical, so the
average script kiddie is not likely to implement it. This said, I don't
know how prevalent stealth malware is currently.

Of course, I suppose that as an anti-virus company you can't afford not
to jump on that bandwagon, regardless of whether or not rootkits/stealth
malware actually pose a real threat.

 

[kurt wismer]

With multiple developers jumping on the bandwagon to come up with detection
tools, I'm just curious: how big a problem or prevalent are rootkits? I'm
asking because I don't know.

i think you're asking the wrong question...

i think you should be asking "how big a problem is stealth"... the so
called 'rootkits' are just a means to that end... now, take into account
the financial motivation behind malware nowadays and the free access
to 'rootkit' source code and r&d on the net, and you will probably
realize that however bad the stealth problem may be it's almost
certainly going to get considerably worse...

there will come a time when no serious commercial malware will be
without stealth technology in some form or another... free development
and free code that adds value to commercial malware - it's kind of like
free money, everyone (in the commercial black hat camp at least) will
want some of that...

 

[4Q]

i think you're asking the wrong question...

i think you should be asking "how big a problem is stealth"... the so

I think you are thinking about this the wrong way, it should be
"how big a *solution* is stealth"

called 'rootkits' are just a means to that end... now, take into account
the financial motivation behind malware nowadays and the free access
to 'rootkit' source code and r&d on the net, and you will probably

Kurt, you forgot to give a reference to an authoritative site
http://www.rootkit.com And give their book a plug too. ;]]

realize that however bad the stealth problem may be it's almost
certainly going to get considerably worse...

Or "get considerably" 'better' ;]]

there will come a time when no serious commercial malware will be
without stealth technology in some form or another... free development
and free code that adds value to commercial malware - it's kind of like
free money, everyone (in the commercial black hat camp at least) will
want some of that...

!Yeah! give it to me baby! Show me the money!!! Honey!

*throws a 500 sheet ream of paper into the air with newly
printed stolen credit card numbers* (courtesy of the
stealthy crimeware) "shall I buy a red or a blue ferrari?"
*ermmm* "can't decide! get both."


4Q