The most disgusting book of all- how to use rootkits

Discussion in 'other security issues & news' started by nadirah, Dec 23, 2005.

Thread Status:
Not open for further replies.
  1. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647


  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    If the book is so evil, why is it recommended reading by Mark Russinovich (you know, the Sysinternals' guy)?...

    "It's imperative that everybody working in the field of cyber-security read this book to understand the growing threat of rootkits."
    --Mark Russinovich, editor, Windows IT Pro / Windows & .NET Magazine


    Anyway, the book was given to me as an early Christmas present and I look forward to reading it :eek:.

    Nick
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    I bought it in the local bookstore last week as a Christmas present for a friend.

    Gerard
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    It's not really about how to use rootkits, as much as it is about how they're written and how to detect them. For anyone that might have to deal with them in a professional capacity, I would imagine this would be -the- book to get. Hopefully you don't have to be a programmer to really get something out of the book, it's definitely one on my list to get.
     
  5. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    236
    Location:
    Netherlands
    Hoglund also published a book called "Exploiting Software : How to Break Code"

    The book is written by the same person who initially published rootkit source code on the rootkit website during the period while the SubSeven trojan was active. Kind of weird because he was also working on a security product named Hailstorm.

    In those days almost nobody - except a few people - cared about Windows rootkits so it didn't attract as much attention as it should have.

    After a while the rootkit website was taken down, but if you look now it's as active as never before. Windows rootkits are hot.
     
  6. Guessed

    Guessed Guest

    Some (cynical) people have suggested that the main function of the Rootkit site, from G. Hoglund's point of view, is to peddle this book, lol! Seriously though, the genie is out of the bottle. Rootkits are here to stay and everyone should become as educated as possible about them. In that regard this book is not "disgusting" but helpful.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I wonder how many are willing to take a stand, as nadirah has done, and say that it is disgusting.

    -rich
     
  8. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    I think that information ought to be available to make netizens informed. Knowledge is power.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I consider this book as any other book.
    Any information can be used in a good way or in a bad way.

    If I buy a book about the computer language "Assembler", I can use it to write good programs or evil programs.
    The book "Rootkits" is not the problem, the reader could be a problem.
     
  10. StevieO

    StevieO Guest

    Actually I would say that I think that generally speaking, the rootkit coders are not the ones who make use of them, it's other people who put them to no good!

    Knowledge about things like this and that could cause serious damage, is always worth having. Better to be forewarned and prearmed, than out of the loop and vulnerable.


    StevieO
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Maybe the rootkit coders not, because they already have the knowledge.
    What about the malware coders, who want to learn more about rootkits to write rootkits themselves ?
    After all these malware coders have to learn too, just like the good guys.
    That book is like a knife, you can use it as a tool to eat or as a weapon to hurt/kill somebody.

    One thing is sure : the days of the simple malwares are over.
    Now we get the sophisticated ones : hard to discover and hard to remove.
    I never underestimated the intelligence of the bad guys, being bad doesn't mean being stupid.
    The brilliant malware writers provide the quality of malwares by creating the originals and the mediocre malware writers provide the quantity of malwares by creating the variants.
    It's all about stealing money and information and use it to commit even more crime.
    Internet is a gold-mine if you know how to use it and a paradise for criminals.
    I'm already happy, when I can save $20 on buying a software, while these organized criminals earn billions of dollars on the internet, directly or indirectly.
     
  12. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    this is what it says about the cover picture...

    The front cover of this book holds a lot of significance for Jamie and me. We designed this cover ourselves, with the help of a wonderfully talented Brazilian artist named Paulo. The person depicted on the front is a historical Japanese figure called a Samurai. (We mean no disrespect by taking some creative license in depicting the character.) We chose him because he represents the artistry of his craft, strength of character, and the fact that his art was essential to his culture and its leaders. He also represents the importance of recognizing the interconnectedness of the world in which we live.

    The sword is the tool of the Samurai, the object of his skill. You'll notice that his sword is centered in the picture, and driven into the ground. From the sword springs roots that signify growth and depth of knowledge. The roots become circuits to represent knowledge of computer technology and the tools of the rootkit developer. The kanji characters behind him mean "to gain knowledge."

    We think this is an apt description of our work. Jamie and I are continually learning and updating our knowledge. We are pleased to be able to impart what we've learned to others. We want you to see the incredible power that rests in the roots you can create.

    —Greg Hoglund
     
  13. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Definitely, and malware is not created by bored individuals anymore. They have money and structure behind them; that, probably even more than technical skills, provides them the chance to spend time creating and distributing it.

    As a programmer, I must say this is a depressing state of things. Yes, it's completely true: today the Internet sees easily more "bad guys" get rich than "good guys".
     
  14. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Yup ;)

    True. I'm not going to comment on Hailstorm though.

    As far as I know, the major anti-malware companies did notice for sure. You do have a valid point as for countering the issue at hand.

    I for one totally agree!

    No disrespect intended! - but the (in the meanwhile heavily paid) malware pros do know the ropes for many, many years in the meanwhile. There's nothing new for them in this book - yesterday's news it is...

    IMHO as for rootkits, there haven't been bored individuals involved. The main issue - as I see it - is a change of perspective: coding for the benefit of personal respect between malware coders, opposed to going for the money. Real good malware coders are on the payroll in the meanwhile. Paid off rather handsomely as it is..

    I for one would not underestimate technical skills. The structure behind all this is the crux for sure.

    regards,

    paul
     
  15. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yes, when I talked about "bored" boys I was not talking about rootkits but rather about generic simpler destructive malware (you know, many viruses, mailbombers, etc).

    Yes, Unix rootkits were never created by "bored" teens in the past, but by people with a lot of skills. But as you said, very few (hardly any, I suppose) had a structure behind them. Even in the few cases where they didn't use the malware for personal glory but rather for actual financial gain (i.e. to steal money), they were on their own. It's a totally different world now. Scary...
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Very true. Crackers of softwares are also organized.
    Most cracks have a kind of readme.txt, in which they explain how to use the crack, but they also use that txt-file to hire new crackers. They all work in groups.
    I even saw a video, made by these crackers, to tell users how good they are and promoting their activities with a list of nicknames of the crackers and how many softwares they cracked.
    That video was made to celebrate their crack #10,000.
     
  17. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Ahh..I understand. Those are rather easy to cope with in the end, aren't they ;)

    We do agree here.

    In essence I do agree here as well.

    ...then again: a predictable one, for years and years in a row. IMHO it has been merely a matter of time. Overall, it's a pity to conclude major white hat companies didn't jump in earlier. As it is, Pandora's Box has been opened - coming with millions of US bucks backing it up. Indeed: for the 'Average Joe' this may well be very scary indeed. And they do represent say 98% from all surfing around, collecting email, etc.

    regards,

    paul
     
  18. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Here's an interview with the authors:
    http://www.securityfocus.com/columnists/358

     
  19. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    That's 100% correct!:)

    I don't understand all the fuss around the book;)
     
  20. Iwonder

    Iwonder Guest

    I wonder if they put a Chinese guy on the cover because they feel that the Chinese are or will be leading the way in rootkit technologies? I think the cover art goes deeper than it may appear at first glance. ;)
     
  21. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Actually, the cover art represents a Japanese Samurai.

    Nick
     