Database on Rootkit Behaviors

Discussion in 'malware problems & news' started by victor43, May 20, 2013.

Thread Status:
Not open for further replies.
  1. victor43

    victor43 Registered Member

    Joined:
    Nov 4, 2009
    Posts:
    32
    Would anyone know of any online sites that give full details of what the rootkit does? I would like to search for all rootkits that are in existence to learn of their behaviors. Would there be any website that would disclose this kind of information?

    Thanking you
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  3. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Go lurking at kernelmode.info. No database, but a forum.
    They offer plenty of info on most recent rootkits; samples, analysis etc.
    Look for posts by forum starter/member EP_XOFF for pointers.

    edit:
    Also, check out security software vendor blogs (like ThreatPost from Eset); they sometimes offer in-depth analysis of different malware, often also rootkits/bootkits.
    Mind you, after signing up at kernelmode.info, you'll be able to download linked 'attachments': samples of all kinds of malware.
    If you're planning on downloading/executing stuff, make sure to use a separate test PC/notebook in a test environment, not connected to the usual network; be a bit careful with what you can find there.
     
    Last edited: May 20, 2013
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ TheKid7

    Nice list :)

    I second Baserk's kernelmode suggestion :thumb:
     
  5. victor43

    victor43 Registered Member

    Joined:
    Nov 4, 2009
    Posts:
    32
    Thanks to everyone I appreciate the replies. Victor.
     
  6. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Baserk - THANK YOU for the kernelmode link. It's nice to know there's an alternative to the Sysinternals forums, with the latter being basically empty these days.

    BTW, I'm loving what EP_XOFF has to say about certain HIPS/AV products.
     