Rootkit Guru: AntiVirus Makes Me Do It

Discussion in 'other security issues & news' started by azumi21, Dec 22, 2005.

Thread Status:
Not open for further replies.
  1. azumi21

    azumi21 Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    129
    Rootkit Guru: AntiVirus Makes Me Do It

    http://www.emailbattles.com/archive/battles/security_aacejifdhf_ic/

    "For the paid versions of Hacker Defender, the code of the public version is scrambled and changed to avoid antivirus detection. Tests for eight antivirus products (Avast!, AVG, Kaspersky, McAfee, NOD32, Norton, Panda, PC-cillin) with the newest upgrades are always made before the customer receives the final product. The code is always unique for each customer, which means that detection of one customer's product should not affect other customers' products."

    "It is curious that Hacker Defender's antidetection was implemented months ago and hasn't changed (except some minor bugfixes) since then. In spite of this fact, no security product is able to beat it today."
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    With "able to beat", I assume they mean that they can't find it once Hacker Defender is installed, right?
    Because aren't there at least 2 HIPS (and they are security products) that will prevent rootkits from installing? So is the quoted claim really valid? If the rootkit can't execute it will do no harm, so in that sense rootkits are "beaten" imo.

    I'm talking about AppDefend and ProcessGuard. Don't know if other HIPS do that, but I guess any program with execution protection and driver install protection will block rootkits with ease.
    Or am I wrong?
     
  3. You're wrong.
     
  4. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Why is he wrong, deviladvocate?
     
  5. controler

    controler Guest

    Another reason why unregistered users hold no water.


    They come in, make claims like NO,
    but give no info as to why.

    Hum bat stuff

    At least I come here as registered and say gee, you CAN use RegRun Platinum
    to find rootkits.

    Not even Holy Father will say it can't.

    It works, not on sigs.

    Devil? Have you tried it yet?

    con
     
  6. Well, considering the type of rootkit Hacker Defender is, the answer is obvious.

    But believe controler if you want, he's a REGISTERED USER and as such his comments are automatically right. :p

    And yes, finding rootkits without signatures is hardly a new trick; controler makes it sound like it's unique lol.
     
  7. Actually, I take it all back. I'm not a hip, cool dude who's taken r00t in your consciousness but a troll who enjoys being a pain in the a**. I'm so sorry.
     
  8. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    So I take it you have one of these Hacker Defender versions which apparently gets past AppDefend? If so, I wouldn't mind looking at it if you have verified it does indeed get past AppDefend. If you don't, then how are you making such a claim?

    As far as I know AppDefend would stop it from installing its driver.
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    I guess I should have asked why sukarof would be wrong if he/she is using a Process Guard/AppDefend type of program? :)
     
  10. controler

    controler Guest

    DA

    We both know rootkits have been around for a while. Thing is, none really wanted to acknowledge them until recently. I am sure the rootkit writers work for all sorts of people, Gov included. I think it was a good thing Holy Father helped bring it more into the light, so to speak ;)

    We won't go into mind control in this thread, although THEY have been experimenting with it for many years. If you say your brain is not rootkitted at this time you won't have to reformat it anytime soon. You might consider cloning it now though. After a while it becomes naturally degraded. :D

    I would love to get my hands on an undetectable version of HD also. Not many developers want to stoop to the level of buying one from HF at this time.
     
  11. You honour me by using the word 'both', but no, unlike you I have not been on record for stating the dangers of rootkits way back in 2001.

    Like most people here, rootkits came on my radar screen only in 2005. :)


    For good reasons, and it's not because they don't want to 'stoop'. Even if they did get a copy, it wouldn't help because, whatever defenses they put in, the bad guys can then work around them again by changing the 'antidetection module'.

    I'm not sure why people are making such a big deal. Any average vxer can create some home-made virus or whatever that is 'undetectable' at the moment by all AVs. Heck, surf the right boards and they even tell you how to do it. Of course, they eventually get detected because it spreads widely enough and some AV company eventually gets a copy.

    Now, if instead the guy hoards his creation and uses it only for limited purposes, it would remain as 'undetectable' by AVs as any version of HD.

    Of course, I'm not saying that a rootkit like HD is easy to make, but I'm saying its 'undefeatability' lies more in the fact that it is used only in limited situations, so nobody has a chance to analyse it, and the guy HF works hard to keep ahead.

    Non-public malware can always be made to defeat a public malware scanner; that's hardly news.
     