Rootkit?

Discussion in 'other anti-malware software' started by Rilla927, Sep 28, 2005.

Thread Status:
Not open for further replies.
  1. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    I have some questions about Rootkits. So far I have never found any info stating Rootkits do anything positive to our computers. If these Rootkits are so malicious to our systems; why are these people allowed to develop them without getting in trouble?

    The only positive I do see, is to test our security programs for holes. I don't have the knowledge most people have at this forum, so I thought this would be the best place to ask.

    Thanks for all your comments! :D
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    The best place is <snip>


    edited to remove link to malware development site - Detox
     
    Last edited by a moderator: Sep 29, 2005
  3. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Sorry but the certificate for <snip> could not be validated. Maybe I'm in the wrong section of the forum, but surely Rootkits can be discussed somewhere in this forum.

    edited to remove link to malware development site - Detox
     
    Last edited by a moderator: Sep 29, 2005
  4. r00+3r

    r00+3r Guest

    You're in the right section of the forum, you just have to wait for the other rootkit experts here to find your thread.

    But to try to answer your first question, why are rootkits allowed to be developed? Well, I guess it's something like freedom of speech. They are allowed to develop these things because on the site they claim they're only for testing purposes, or something along those lines.

    Also I think it's good business for the anti-malware companies if these guys stay in business. Really, on at least one level sites like rootkit.com are helpful because they openly discuss these rootkit projects, so we can see what's going on in SOME of the latest developments with rootkits. Would you rather these things remain completely secret?

    If you're looking for software to detect rootkits, UnHackme, Blacklight beta & RootkitRevealer are all some good rootkit detectors. There are others too, but I am very cautious myself about using or downloading any of them, because you never know what you might be getting.
     
  5. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    I was just trying to understand more about them, that's all. I read somewhere about a program called Icesword that is supposedly able to detect HD, Copycat. :)
     
  6. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Icesword supposedly can detect the new "brilliant" version of HD which makes it different from the others......but UnHackMe can also detect all other versions of HD (although not the latest "brilliant" version as of yet). Not sure about Blacklight (although I believe that it is similar to UnHackMe, maybe just not quite as advanced)......
     
  7. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    The current IceSword, 1.12, cannot detect the current HD-Brilliant, but Icesword 1.14 is due to be released...and the cat-and-mouse game will go on. A short but interesting interview published yesterday: Windows rootkits come of age.

    Nick
     
  8. controler

    controler Guest

    I could be wrong since I have not used rootkit revealer for a while now but I don't think it has any cleaning ability.

    I can say the present version of IceSword does have many more features than just detection and it is a very simple program to use. Yes it does have a quick button that takes you to your registry, which is not that hard to do anyway LOL

    BUT it has a powerful process viewer, kernel viewer and process and module killer.

    I guess I am looking forward to the next release. I think I will include a screenshot later.

    controler
     
  9. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    A screenshot sounds good Controler! I'd like to see it myself. ;)
     
  10. controler

    controler Guest

    This does not show the lower options.
     

  11. controler

    controler Guest

    Guess the size limit limited me from posting a better shot.
     
  12. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Awesome controler! Where did you find it? Is it FREE?
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    There is so much malware that it takes a lot of specialized programs to secure one's system.
    Having said that, is there a single person here that has been infected or attacked by a rootkit?

    I sometimes wonder if we are not paranoid. Sure it is better to err on the side of safety. However, I know a lot of people who have and use computers, and probably not one could define a rootkit, or has been infected by a rootkit.

    Jerry
     
  14. StevieO

    StevieO Guest

  15. controler

    controler Guest

    Jerry M


    Yes I have been infected intentionally but not sure if I ever had been by accident (except maybe rootkit.com).
    BoOrfice was one of the first rootkits I hear.
    I think the current fear is some are being used in malware.

    I don't know if the link is still there but a while back I was browsing rootkit.com
    and was reading a blog there. From that blog I linked to a users site to download a program. I was hit by a driveby. I think this had small rootkit attached.
    Drivebys are nothing new but most in the past and still today use browser weakness.
     
  16. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    controler,
    Thanks for the reply.

    Regards,
    Jerry
     
  17. Arup

    Arup Guest

    Rilla 927,

    Samurai also removes existing rootkits as well as prevents new ones from being installed.
     
  18. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    @StevieO

    Thanks for link!

    @Arup

    I knew it had something for a rootkit, but didn't know exactly what. Wow, that's a trip! I am so glad you told me that. I sure hope those two programs (Samurai and Harden-It) work on my computer. It's a newer AMD 64 FX-53.

    That would make me a Happy Camper! :D
     
  19. Arup

    Arup Guest

    Rilla,

    They will fly on the AMD, no fears.
     
  20. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Arup, you made me feel even better! :cool:

    Thanks so much.
     