List of Rootkit detection tools.

Discussion in 'other security issues & news' started by T772, Jan 2, 2006.

Thread Status:
Not open for further replies.
  1. T772

    T772 Guest

    http://www.omninerd.com/2005/11/22/articles/43
    * chkrootkit [43] - The chkrootkit auditing scripts have been in development since 1997 and are capable of detecting rootkit signatures in binaries, log anomalies, errant network behavior and loadable kernel modules.
    * KLister [44] - KLister is a collection of several tools designed to interface with the deepest internal kernel structures in order to expose rootkit code.
    * Malicious Software Removal Tool [45] - This self-updating tool operates in conjunction with the operating system at all levels for detecting anomalous behavior and rootkit signature hits. As a product of Microsoft, the Malicious Software Removal Tool has the advantage of utilizing unpublished, internal, hidden APIs that may not have been publicly disclosed to other tool creators.
    * PatchFinder2 [46] - PatchFinder2 utilizes a technique called Execution Path Analysis to detect kernel and DLL rootkits. EPA puts the processor into a single-stepping debugger mode to count processor operations per function. This generates empirical evidence to compare against a known 'clean' value. [47]
    * Rootkit Hunter [48] - Booting from a Gentoo Linux CDROM, Rootkit Hunter objectively analyzes a host system in an inert state against downloadable signatures to detect rootkits while they are dormant.
    * RootkitRevealer [49] - RootkitRevealer compares the outputs of multiple APIs (such as Win32 and NativeNT) in the Windows operating system to detect discrepancies.
    * Tripwire [50] - As rootkits alter the nature of original files, Tripwire is able to detect malware through the principle of Change Auditing where comparisons are made between different aspects of a known system state and the present running system.
    * VICE [51] - VICE browses call tables to detect anomalous hooks that redirect function calls to a rootkit.
     
  2. T772

    T772 Guest

    I really recommend this link; it really is a great read on how to detect and remove rootkits, etc. Hope this helps, T
     
  3. securityx

    securityx Registered Member

  4. G1111

    G1111 Registered Member

  5. T772

    T772 Guest

    Hey, Kareldjag. I have read all the info on rootkits on your site, really good stuff as well as all the other info you have put together. Thanks, T
     
  6. T772

    T772 Guest

  7. StevieO

    StevieO Guest

  8. T772

    T772 Guest
