RKU Evil?

Discussion in 'other anti-malware software' started by LoneWolf, Jun 14, 2007.

Thread Status:
Not open for further replies.
  1. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    DS is just hitting back, he loads his argument with nothing by talking about unreal and then tries to setup RkU by mentioning backdoor and finishes with a dig at the authors. It is just another shot back in a war of words of which we should probably not take much interest in.
     
  2. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    If this is so ridiculous then famous pc magazines are ridiculous too?

    You can read this statement in several magazines, so all these individuals should be ridiculous? Ok.

    Yes, because all so called "official" guys (which in most cases are unable to eliminate real evil material)
    wants the good underground progs. But you can also give it another term if you desire.
    (But maybe you think skulls are overgrounded)

    Maybe you only experienced the sunny side of life then good luck and hopefully it will stay so.
     
    Last edited: Jun 17, 2007
  3. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    I agree to an extent, but I think there is a difference between the mudslinging and actually putting down in writing your request for a DDOS attack on another site, and offering their product RootkitUnhooker as a reward for this action. IMHO, a boundary has been crossed here. Just my two cents.

    Londonbeat
     
  4. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Yes.

    Blue
     
  5. EASTER.2010

    EASTER.2010 Guest

    This statement courtesy Meriadoc should pretty much sum up most opinions over any of that type of matter.

    And besides, perhaps you should examine ALL aspects before openly denouncing any programmer and not just focus on one heated set of exchanges when it comes to others war of words regardless of the content at the time.

    Check out rootkit.com and sysinternals forums where one of these developers of RKUnhooker is constantly helping membership and users alike in all areas of PC concerns.

    Oh, and by the way, if you bother to follow it close enough, you would see the benefit as well as courtesy from it's developer to create UnReal or any other rootkit in order to better map out EVERYTHING & ANYTHING that might would pose a real threat now and in the future and AFAIK his deep research coupled with great talent helps keep other big league commercial interests on their toes instead of the neglect we all have had to live with for so long.

    If anything if i were you i would be exceptionally grateful to them that they even bothered to come on the scene at all with such a great tool. Otherwise your own unit and plenty more would likely already be fully 0wned and you wouldn't even have a clue a backdoor or other logger was tracing your every touch on your own machine.

    Enough Said.

    Enjoy Your Security You Now Have and Then Some Thanks In Large Part To RKUnhooker's Author's Generosities.

    EASTER
     
  6. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re on Dmitry Sokolov unperfect lies.

    Hello guys :)

    I'm here not to discuss, just to answer.

    Thanks for everyone who do not believe in Greatis Software naked lies.
    Below is a copy of part of my answer (http://forum.sysinternals.com/forum_posts.asp?TID=11093&PN=1) in the analog thread on the SysInternals.

    Dmitry Sokolov has successfully read it (this was confirmed by several users browsing sysinternals forums) and do not answer anything. Because like some others, he has only his words / ridiculous statements, nothing else to proof his statements.

    @Heimer

    Looking on your fresh registration https://www.wilderssecurity.com/member.php?u=69161 I can guess that you are one of promotion guys, perhaps from the same Greatis Software. Well, what about your continues misunderstoonding of situation, it is your problems :)

    Just a point - DDoS operations never planing on public.
    Deface operation is also is not planning on public, of course, if they wants to be successful.

    Give me and everyone else a PROOF of our criminal actions. Anything? Currently you have Only pathetic screams of liars like DS, nothing else.

    What about Unreal... :) Well, you make me smile. In your logic - any development of rootkit technologies - criminal act. So why you don't go to fight with Antiviruses and Firewalls companies which are currently use rk-technologies everywhere in their products? Unreal series is test-rootkits, proof-of-concepts which main idea was - SHOW TOTAL INCOMPETENCE of ALL available rootkit detectors. Any screams about malware nature of Unreal - is absurd. If you do not trust me, then watch Kaspersky Lab KAV7.0 presentation slides where they discussed Unreal.A and its detection/removal.

    What about development of others version, including Unreal.B-E, then we have coming to conclusion not to publish it, because it is always will be a scope of pathetic idiots who will scream about their malware purposes. And in the end - it is not your f**** business what we are doing / will do.
    End with you.

    About moral aspect of this swarm. It is absolutely on your choice - use, or not use. We do not want money from you, we do not expecting anything.

    "Underground" tool or not we are going to another conclusion made it really underground tool which means that it will fully unavailable for everyone except trusted peoples.

    What about Londonbeat statements, as we know about you have pure love with GMER, so nothing anything new from you wasn't expected.

    Goodbye.
     
    Last edited: Jun 18, 2007
  7. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Re: Re on Dmitry Sokolov unperfect lies.

    EP_XOFF

    My post yesterday has nothing to do with 'pure love with gmer'. He or his ARK have nothing to do with the issue discussed in this thread or my oppinions on it.

    Londonbeat
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,227
    Location:
    Sydney, Australia
    Last edited: Jun 18, 2007
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Perfectly written.

    This is pure entertainment. :D :D :cool: and most important totally true.

    They have to use this technique to not totally lose their faces. L*o*L, pure compulsion.
    In most cases the old rule is valid: Who is on system first wins. Related to this nothing has changed, except RkU, this tool changed a lot, the only real problem may be that the test tools generated by the authors will bypass RkU with high probability and then all those who trusted Rku will get damn big problems. Conclusio: We need more security guys who have deep knowledge to sharply attack the new danger to get at least a little more safety and not letting be ruled all computers by spambots, actually we have a zombie nation status!!!!

    Not to speak about all those ultra persistent polymorphic pe infectors
    (wiping out exes just for fun, turning your hds into raw)

    I don´t want spreading total paranoia, but ever heard of atapi or pci infection?

    The drama already starts by mainboard developers.
     
    Last edited: Jun 18, 2007
  10. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,692
    OK,all I did was ask one question and got many responses, some defending RKU some not.After much reading on this as well as other forums and sites I have come to my own conclusion on this and that is it's just a "beef" between these said software developers and nothing more.Did not mean to piss anyone off as I was only looking for some answers for myself. Thanks to all who replyed. I think every one out there has said things in the heat of the moment that they did'nt follow up on or really mean. So if I caused anyone trouble or pissed any one off,I'm sorry. But how will I know if I don't ask? Sorry still learning here.
     
  11. hurzelpurzel

    hurzelpurzel Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    14
    Let me translate it: MS decided to incorporate one of the worst hooking implementations into the OS for which they have the source code, just to gamble with the system stability.

    Right so far? :D

    Sorry to be so blunt, but this guy (the author of the tool) is right. If I was to make an attempt and unhook previously hooked kernel mode code, I'd unload any and all other security software. Let's take two examples. Almost any ISV firewall software uses hooking beyond the traditional NDIS or TDI hooks or entry point stealing at the device of origin. Another one is Kaspersky Internet Security (recently published DoS vulnerability due to their parameter checking being insufficient) which is hooking a dozen or so native functions to keep malware from tampering with their settings, I presume.

    Which you verify by reverse engineering these tools? Plain observation?

    Very true, see above.

    Which only proves either that Unreal is as good as the author claims (and btw, who says parts of it aren't used in other malware?) or that the codename in the lab is different than the detected name in the wild.

    Nothing has been proven either way.

    There's a difference between what you call "rootkit technology" (hooking, hiding, etc) and rootkits. And yes, even prototype rootkits belong into the category "rootkit".

    Wow. This is really hard to achieve, isn't it?! :D

    In an OS with hidden and undocumented interfaces in which any kernel mode code runs with the same privileges and rights as the kernel itself, it is almost impossible for the "defender" to find all possible ways of intrusion (or persistence), since the math is in favor of the attacker in any case.

    Since you claim to write prototype rootkits, it is a no-brainer to extend your own tool and incorporate detection and removal for it in your tool - even in a generic manner to catch similar methods used by independently developed rootkits. It always was and is likely to remain an arms race for the time being.

    They may be absurd from your POV, try to assume the POV of others, though. Still as absurd as before? Maybe it was wrong or bad wording, no idea - I don't want to jump to conclusions. But that's true either way!

    This statement is a bit chilling, since different authors of ARK tools will use different approaches for detection. It is the diversity that actually helps in case of such tools because the ways of the attacker are multitude. So I wonder what the rivalry is about.

    In fact it is a good thing you provide the tool for free and that it is such a good tool. Why then the rivalry? To me it appears childish, while the tool itself appears quite mature.
     
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    That´s true in some tests we even could see that Gmer caught more known rootkits. Rku was in middlefield and Darkspy ruled all ranks, but this dark spy tool has a bad GUI and too many BSODs + incompats with other sec.apps. and was never updated by those chinese junkies.

    Beside does anyone heard some news from Gmer?

    Related to Unreal.A: Did you remember this screen?
    http://i15.tinypic.com/2my85l0.png

    Allows hackers unauthorized access to your pc?! Or false assumption? Where is the truth?
     
    Last edited: Jun 24, 2007
  13. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I don't know where the truth is, but I do know where it is not.

    The truth is not in idle posturing or childish rants delivered to various sites on the Internet. The truth is not protesting that the childish rants are fine since you hadn't started the exchange anyway. The truth is not in advocating malicious action against another, even if it is only idle chatter. The truth is not mistaking technical prowess for a license to cross any line of public decorum that seems inconvenient at the moment.

    I could go on, but like I said at the start, I don't know where the truth is, but I do know where it is not.

    Blue
     
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yep this may be but you don´t know the whole stalker story I know. So don´t offend about things you only know partly. There are systematic stalkers in action disguised in emails but I don´t want distort any more because from a outside perspective the whole thing seem to look strange, I am only interested in catching the evil behind these sub-messages I receive.

    Maybe you feel comfortable in the matrix, I do not! [Whereby we´d have to define what is the matrix, that would lead to a endless discussion so we stop talking about]
     
    Last edited: Jun 24, 2007
  15. EASTER.2010

    EASTER.2010 Guest

    Dark Spy is been a no brainer for me. It never worked PERIOD, in any version, only BSOD. Story over for that one.

    I do know and trust RKUnhooker, at least ALL the versions i held onto up untill EP_X0FF & MP_ART (Thanks!) forums left the air and another developer assumed charge of it.

    I have far more faith in this Team that originated it in the first place because they were on a mission to prove users did not have to live in the dark forever where concerns ARK's and they answered concerns professionally & technically enough to challenge even another programmers reservations over it.

    I don't know of another ARK aside from IceSword maybe that cleared away the brush well enough that i had no fear of intruding onto rootkit exploit sites and sit there while they attempted to load their payloads, and then i let them have free reign while watching their progress with SSM. RKU done a bang up job at pulling their spikes out from kernel/userlane as well as hidden services etc.

    The only thing evil here are gravely malicious malware/viruses that carry the sole intention to completely render your PC inoperable & inaccessible.
     
  16. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Hello again.

    Back from Kaspersky and its exploiting to the my main lovely theme. Discussions about my(our) work and my(our) childish behaviour :)

    Actually they do not need to do any kind of backdoors, since their OS is the biggest backdoor itself.

    I said this. Don't bother me with answers about provements. Unreal.A hiding techniques is compromised and because this rootkits is unique in any parts, it will be flaged as far as it possible by many available rootkit detectors, including Great Buglandia called GMER.

    Are you so sure? I don't think so. Two well-known persons Greg Hoglung and Jamie Butler thinks are little different than you.

    Actually it was/is/will be VERY VERY simple.

    Such posts actually only consolidates my opinion.

    Just perhaps. I always use direct methods and words to issue my opinion to all others. I can't wag and spread demagogy like many others here loves to do.

    I tired from such nonsense statements and other attempts to improve my personallity/behaviour. Please find another target, for example GMER author, which publically used his site DDoS as promotion action. Not a childish behaviour, ah?

    It is standard "rootkit detected" description which is used almost in every security tool.

    Should I take this personally? Well I take. Hmm, actually it is a question who demonstrates more childish behaviour me or you.

    ... which remembers me wonderful gmer statements here, not so long time ago in famous "How to use GMER" thread.

    Taking this personally in the third time.
    >Overflow
    >Modifying my blacklist.txt.

    Guess, I have nothing to do here anymore.
     
  17. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Not really.

    That works fine for me as well.

    Later

    Blue
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    You 2 (EP and Easter) are Genius, I could not say it better! Applause. Thank you for giving some intelligence back to this thread! :thumb: :thumb: :thumb: :thumb: :thumb: :thumb: :thumb: :thumb: :thumb: :thumb:

    Damn I´m so happy know that I am laughing out the hell out loud! Hahahahahahah
     
  19. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Despite the theatrical obfuscation and derailment that has taken place in this thread, I notice the original OP question, (whether the screenshots taken from the forum of previous RKunhooker site showing the request for a DDOS and defacement attack against a website, with RKU being offered as a reward, are real/true or not), has still not been answered.
     
  20. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    That website is no longer available, nor are cached versions available.

    Around the time those screenshots first appeared (don't recall it if was prior to or after), I did have a look for myself. The website was live at that time. Those screenshots are an accurate representation of what was posted.

    Blue
     
  21. EASTER.2010

    EASTER.2010 Guest

    That was funny again.

    What is more intriguing to me is how or why one individual chooses to substantiate by false accusation based on, ONCE AGAIN, heated open exchange between disagreeing parties, which really have nothing whatsoever to do with any of us OR the security community as a whole.

    This Topic Title alone and following false allegations are nothing more than a total waste of web space and seems bordering on nothing but petty jealousy that finally a development team has fashioned a very efficient and accurate ARK which is openly exposed so many weaknesses in BOTH commercial security products AND freeware alike.

    You obviously only recently been on the security scene a very short time. There have been many similar remarks bandied about before between software authors as well as users alike and you learn from experience that they're only needling each other to see what the other will return with in next reply.

    Geez. I think appreciation is something not found in great supply these days anymore. Of course these topics usually only originate either out of jealousy or prejudice and lead to the same if allowed to fester.

    Those exchanges are past history and nothing is happened irregardless so why continue to bang this same old drum over and over again.
     
  22. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    EASTER.2010,

    You may believe my statements or not, that's your call. I didn't go beyond stating the screenshots are accurate.

    You refer to it as "needling each other", perhaps, but that usually requires that both sides of the exchange to have that understanding of the situation.

    Blue
     
  23. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Exactly.
    Absolutely, envy, jealousy.. That is the problem, especially in forums you always need a big mental armor against the "narrow-mindness" of many people and all those "flame-lovers".
     
  24. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Thanks for the info, Blue.

    Please point me in the direction of where someone producing an ARK, AV, AS, AT...or any other security software has made 'similar remarks', you may be correct but I haven't seen other security vendors requesting a DDOS on another site, whether in joke or seriously.

    Many people who use security software like to trust the software, and it's manufacturer. When information such as in the OP's post is presented to the public it challenges that trust, and people want to know if it's true or not. I don't see much (if any) flaming on here, just people asking questions. You may think this naive, but it's a fact for many people whether you accept it or not.

    Londonbeat
     
  25. EASTER.2010

    EASTER.2010 Guest

    I could easily do that yet won't, because just like that old article you keep pushing at, it would be old news and nothing materialized from those exchanges either.

    And besides, i'm, NOT about to post something else to start another flame topic over, that's NOT what this forum is about nor would it serve to educate in the areas most important, Security Softwares and Products.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.