News-Roots
CastleCops -> Rootkit Revelations

Author: Prince_Serendip    Posted: Thu Jul 13, 2006 7:21 pm    Post subject: News-Roots

Here you will find the latest, and sometimes the strangest, news on Rootkits featuring our very own News-Roots Reporter wawadave.



* Anyone can post rootkit related news here. Include a brief excerpt and the link to the full story.

(Please do not quote whole articles verbatim unless you have the written permission of the authors or publishers to do so.)

**If you want to discuss these stories, please open a separate New Topic. Thanks.

***All posts are subject to our approval.


Last edited by Prince_Serendip on Thu Jul 13, 2006 10:55 pm, edited 3 times in total

Author: wawadave    Location: Installing Vista http://tinyurl.com/2l9qyd    Posted: Thu Jul 13, 2006 7:37 pm    Post subject:

Hello
This is not the newest or the strangest, but it is the news event that brought Windows rootkits into the open for all to see.

Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights ...

Yes, long after the fact, but any newbies should have a read and do a Google search; you can see and learn some basics!

If anyone else has any recent news or alerts, please feel free to post a small excerpt and a link to the original source web page; that will work fine!

Author: wawadave    Location: Installing Vista http://tinyurl.com/2l9qyd    Posted: Tue Jul 18, 2006 5:01 am    Post subject:

invisiblethings: Introducing Blue Pill
All the current rootkits and backdoors, which I am aware of, are based on a concept. For example: FU was based on an idea of unlinking EPROCESS blocks from the kernel list of active processes, Shadow Walker was based on a concept of hooking the page fault handler and marking some pages as invalid, deepdoor on changing some fields in NDIS data structure, etc... Once you know the concept you can (at least theoretically) detect the given rootkit.
http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html
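The excerpt above makes the defender's point that a rootkit built on a known concept can be detected once the concept is understood. The following is an added toy model (not code from the post, the blog, or any rootkit) of the FU-style trick it names, unlinking a process from the kernel's active-process list, alongside the cross-view check that exposes it: the linked-list view is compared with an independent enumeration of the objects still present in memory. Structure names, PIDs and process names are constructed stand-ins for the real Windows EPROCESS list.

```python
"""Simulated EPROCESS-style list, DKOM unlink, and cross-view detection.
Added illustration only; all process names and PIDs are constructed."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Proc:
    pid: int
    name: str
    flink: Optional["Proc"] = field(default=None, repr=False)
    blink: Optional["Proc"] = field(default=None, repr=False)


def build_list(entries):
    """Build a circular doubly-linked list, like the kernel's active-process list."""
    procs = [Proc(pid, name) for pid, name in entries]
    for a, b in zip(procs, procs[1:] + procs[:1]):
        a.flink, b.blink = b, a
    return procs


def walk_list(head):
    """The view a naive task list gets: follow the forward links from the head."""
    seen, cur = [], head
    while True:
        seen.append(cur.pid)
        cur = cur.flink
        if cur is head:
            return seen


def dkom_unlink(target):
    """The FU concept: splice the entry out of the list. The object itself
    stays in memory, which is exactly what a cross-view check relies on."""
    target.blink.flink = target.flink
    target.flink.blink = target.blink


def cross_view_hidden(head, objects_in_memory):
    """Concept-based detection: anything present in the independent view
    (objects still in memory) but absent from the linked-list view is hidden."""
    linked = set(walk_list(head))
    return sorted(p.pid for p in objects_in_memory if p.pid not in linked)


# Constructed sample process table; the unlinked entry is the one to detect.
TABLE = build_list([(4, "System"), (612, "csrss.exe"),
                    (1337, "hidden.exe"), (2048, "explorer.exe")])
dkom_unlink(TABLE[2])

if __name__ == "__main__":
    print("list view:", walk_list(TABLE[0]))          # hidden.exe is gone
    print("hidden by cross-view:", cross_view_hidden(TABLE[0], TABLE))
```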

Author: wawadave    Location: Installing Vista http://tinyurl.com/2l9qyd    Posted: Tue Jul 18, 2006 5:41 am    Post subject:

7/11: Backdoor.Pcclient.B Trojan Dropped by Other Trojan
Backdoor.Pcclient.B is a back door Trojan horse program with rootkit functionality that
allows a remote attacker unauthorized access to the compromised computer.

http://nl.internet.com/ct.html?rtr=on&s=1,2led,1,9bsk,9mal,9s3s,a9gz

Author: plunx    Location: Sweden    Posted: Tue Jul 18, 2006 10:59 pm    Post subject:

The Haxdoor family...

They all steal passwords for mail accounts and online banking and open
a backdoor.

http://www.f-secure.com/v-descs/haxdoor_m.shtml

http://www.f-secure.com/v-descs/haxdoor.shtml

http://www.symantec.com/security_response/writeup.jsp?docid=2006-071214-4735-99&tabid=1


Interesting "mismatch" between security vendors and versions....

Author: wawadave    Location: Installing Vista http://tinyurl.com/2l9qyd    Posted: Mon Jul 24, 2006 4:35 am    Post subject:

Windows rootkits of 2005, part one
This three-part article series looks at Windows rootkits in depth. Part one discusses what a rootkit is and what makes them so dangerous, by looking at various modes of execution and how they talk to the Windows kernel.
By: James Butler, Sherri Sparks 2005-11-04
http://www.securityfocus.com/infocus/1850


Windows rootkits of 2005, part two
This three-part article series looks at Windows rootkits in depth. Part two focuses on the latest cutting-edge rootkit technologies that are used to hide malicious code from security scanners.
By: James Butler, Sherri Sparks 2005-11-17
http://www.securityfocus.com/infocus/1851


Windows rootkits of 2005, part three
The third and final article in this series explores five different rootkit detection techniques used to discover Windows rootkit deployments. Additionally, nine different tools designed for administrators are discussed.
By: James Butler, Sherri Sparks 2006-01-05
http://www.securityfocus.com/infocus/1854

Thank you TRPM!!!

Author: wawadave    Location: Installing Vista http://tinyurl.com/2l9qyd    Posted: Mon Jul 24, 2006 4:46 pm    Post subject:

MS HIRES ROOTKIT SLEUTH
Microsoft Corp. has acquired Winternals Software LP, the company
co-founded by rootkit detective Mark Russinovich.
http://www.net-security.org/news.php?id=11758

Author: wawadave    Location: Installing Vista http://tinyurl.com/2l9qyd    Posted: Fri Jul 28, 2006 8:14 pm    Post subject:

'Suicidal' malware threatens corporate secrets: Cybertrust

Munir Kotadia, ZDNet Australia
July 28, 2006
URL: http://www.zdnet.com.au/news/security/soa/_Suicidal_malware_threatens_corporate_secrets_Cybertrust/0,2000061744,39265027,00.htm


The latest threat to intellectual property comes in the shape of malicious software (malware) that is capable of infecting a computer, hiding itself until the user accesses specific files or Web sites -- in order to steal files or passwords -- and then deleting any trace of itself.

Speaking at the IT Security in Government Conference in Canberra on Friday, Brian Denehy, security assurance engineer at CyberTrust, told delegates that the vast majority of new malware uses "some type of stealth" or anti-forensic technology in an attempt to remain undetected before, during and after an attack.

Author: wawadave    Location: Installing Vista http://tinyurl.com/2l9qyd    Posted: Fri Aug 04, 2006 5:09 am    Post subject:

Some good info and links in this link.
Rootkit info and detection apps

Author: plunx    Location: Sweden    Posted: Wed Aug 16, 2006 1:02 pm    Post subject: Patch me up-Rootkit

Hi

Maybe off-topic...

From F-Secure's weblog:

Australian band Root Kit - a favorite of ours - was the runner up in Gidol at GoogleIdol.com's Original Competition Demo. Root Kit received 4796 votes. Gidol, not affiliated with Google, holds online competitions using publicly available Google Videos.

If you have missed Root Kit's video "Patch Me Up", then you should definitely check it out at Google Video. Listen to the lyrics carefully; there's some sound security (and love life) advice in there.

http://www.f-secure.com/weblog/archives/archive-082006.html#00000949

Video.....
http://video.google.com/videoplay?docid=9151435244001559688


Author: Dragan_Glas    Posted: Fri Aug 18, 2006 4:09 pm    Post subject: Detecting the Blue Pill Hypervisor rootkit is possible but n

Greetings,

Detecting the Blue Pill Hypervisor rootkit is possible but not trivial

Kindest regards,

Dragan Glas

Author: Prince_Serendip    Posted: Wed Aug 23, 2006 2:41 pm    Post subject:

Just got this info from AplusWebMaster.

AplusWebMaster wrote:
FYI... something to add to the toolbag (more is better, yes?). Let me know how you make out with it:

- http://www.zdnet.com.au/news/security/print.htm?TYPE=story&AT=39267346-2000061744t-10000005c
August 23, 2006
"...Sophos on Wednesday unveiled a free tool* that can scan computers for suspicious processes..."

* http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html


Regards,

Author: Prince_Serendip    Posted: Tue Sep 19, 2006 7:07 pm    Post subject:

Researchers discover 'invisible' rootkit
Will run on Vista too


http://www.pcadvisor.co.uk/news/index.cfm?newsid=6606

Author: SimpleSum1    Location: USA    Posted: Sun Sep 24, 2006 4:36 am    Post subject:

They would commandeer a hidden section of a hard drive, zip up as many files as possible and immediately transmit the data to way stations in South Korea, Hong Kong or Taiwan before sending them to mainland China. They always made a silent escape, wiping their electronic fingerprints clean and leaving behind an almost undetectable beacon allowing them to re-enter the machine at will.

http://www.time.com/time/magazine/article/0,9171,1098961,00.html

This was the first article that led me to learning about Rootkits. This was published last year, Sept. 5, 05.

(Copyright law allows me to excerpt any written published material for any purpose as long as it does not exceed 250 words in length and contains a reference to the author and or publisher. Does an html link constitute an acceptable reference?)

Author: Prince_Serendip    Posted: Sun Sep 24, 2006 8:11 am    Post subject:

SimpleSum1 wrote:
Does an html link constitute an acceptable reference?


Yes, an HTML link is a valid reference online.

However, where did you get the idea that you can quote up to 250 words of a copyrighted work, without permission?

There's no provision for that in US copyright law. Please read the paragraph under #4 on this page (about Fair Use practices): http://www.copyright.gov/fls/fl102.html

My preference when referring to news articles is to state the title and provide the link. I may make comments about it in my own words. Permission is preferred when making any quotes from an article, but since this is for the purpose of both news and education, it may be considered fair use.

Note that normally we do not provide commentary such as this within the news topic thread, so if you wish to discuss this further, please open a topic in another forum such as: CastleCops Link/f1-General_Site.html

Thank you


