List of Rootkit detection tools.

Discussion in 'other security issues & news' started by T772, Jan 2, 2006.

Thread Status:
Not open for further replies.
  1. T772

    T772 Guest

    http://www.omninerd.com/2005/11/22/articles/43
    * chkrootkit43 - The chkrootkit auditing scripts have been in development since 1997 and are capable of detecting rootkit signatures in binaries, log anomalies, errant network behavior and loadable kernel modules.
    * KLister44 - KLister is a collection of several tools designed to interface with the deepest internal kernel structures in order to expose rootkit code.
    * Malicious Software Removal Tool45 - This self updating tool operates in conjunction with the operating system at all levels for detecting anomalous behavior and rootkit signature hits. As a product of Microsoft, the Malicious Software Removal Tool has the advantage of utilizing unpublished, internal, hidden APIs that may not have been publicly disclosed to other tool creators.
    * PatchFinder246 - PatchFinder2 utilizes a technique called Execution Path Analysis to detect kernel and DLL rootkits. EPA puts the processor into a single-stepping debugger mode to count processor operations per function. This generates empirical evidence to compare against a known 'clean' value.47
    * Rootkit Hunter48 - Booting from a Gentoo Linux CDROM, Rootkit Hunter objectively analyzes a host system in an inert state against downloadable signatures to detect rootkits while they are dormant.
    * RootkitRevealer49 - RootkitRevealer compares the outputs of multiple APIs (such as Win32 and NativeNT) in the Windows operating system to detect discrepancies.
    * Tripwire50 - As rootkits alter the nature of original files, Tripwire is able to detect malware through the principle of Change Auditing where comparisons are made between different aspects of a known system state and the present running system.
    * VICE51 - VICE browses call tables to detect anomalous hooks that redirect function calls to a rootkit.
     
    T772, Jan 2, 2006
    #1
  2. T772

    T772 Guest

    I really recommend this link, really is a great read on how to detect and remove rootkits etc. Hope this helps, T
     
    T772, Jan 2, 2006
    #2
  3. securityx

    securityx Registered Member

    Joined:
    Dec 1, 2005
    Posts:
    149
    securityx, Jan 2, 2006
    #3
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    G1111, Jan 2, 2006
    #4
  5. T772

    T772 Guest

    Hey, Kareldjag. I have read all the info on rootkits on your site, really good stuff as well as all the other info you have put together. Thanks, T
     
    T772, Jan 3, 2006
    #5
  6. T772

    T772 Guest

    T772, Jan 3, 2006
    #6
  7. StevieO

    StevieO Guest

    StevieO, Jan 3, 2006
    #7
  8. T772

    T772 Guest

    T772, Jan 4, 2006
    #8
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...