Forum: Press F1
Thread 31029: OT: Root Kit, get yours today (started by nz_liam (845), 2003-03-09 20:49:00)
Post 126926 | 2003-03-09 20:49:00 | nz_liam (845)

A root kit hooks itself into the operating system's Application Program Interface (API), where it intercepts the system calls that other programs use to perform basic functions, like accessing files on the computer's hard drive. The root kit is the man-in-the-middle, squatting between the operating system and the programs that rely on it, deciding what those programs can see and do. It uses that position to hide itself. If an application tries to list the contents of a directory containing one of the root kit's files, the malware will censor the filename from the list. It'll do the same thing with the system registry and the process list. It will also hide anything else the hacker controlling it wants hidden - MP3s, password lists, a DivX of the last Star Trek movie. As long as it fits on the hard drive, the hidden cargo doesn't have to be small or unobtrusive to be completely cloaked. (www.theregister.co.uk)

Don't delay :D, get your invisible trojan today! :p (http://www.rootkit.com)
Post 126927 | 2003-03-09 22:00:00 | BIFF (1)

No need to, I've rooted all your boxes long ago nz_liam.
Post 126928 | 2003-03-09 23:19:00 | nz_liam (845)

LOL
Post 126929 | 2003-03-09 23:30:00 | promethius (1998)

Flip... that's some scary stuff... "You can hide an elephant with it."... anyone got any elephants to hide?
Post 126930 | 2003-03-10 01:31:00 | Chilling_Silence (9)

I squash a Giraffe inside my tower case... Why do you think they call them tower cases aye!?
Post 126931 | 2003-03-10 01:52:00 | robsonde (120)

Well that's a toy I don't want to meet in person! How do you think the anti-virus boys will detect it?
Post 126932 | 2003-03-10 19:23:00 | nz_liam (845)

> Well that's a toy I don't want to meet in person!
>
> How do you think the anti-virus boys will detect it?

They can't ]-)
Post 126933 | 2003-03-10 19:34:00 | robsonde (120)

> > Well that's a toy I don't want to meet in person!
> >
> > How do you think the anti-virus boys will detect it?
>
> They can't ]-)

I was thinking about that. Couldn't they make a kernel level driver of their own that reads the hard drive directly and so won't be trapped by the root kit?

Another way to do things would be to have a very basic virus scan at start-up that runs before any Windows kernel mode drivers are loaded. This would just run through BIOS calls only and just check for the root kit type virus, and not spend 20 minutes scanning the whole drive.

The other point to note is that the root kit can only be put on a system that has already been hacked in one way or another...

Question: being that this type of hack is already around on Unix/Linux systems, then how do they detect it on them?
Post 126934 | 2003-03-10 20:21:00 | nz_liam (845)

> Another way to do things would be to have a very
> basic virus scan at start-up that runs before any
> Windows kernel mode drivers are loaded. This would
> just run through BIOS calls only and just check for
> the root kit type virus, and not spend 20 minutes
> scanning the whole drive.

That would work, however most people are likely to be hacking servers, which aren't rebooted often.
Post 126935 | 2003-03-10 20:24:00 | Gorela (901)

Howdy Robsonde,

In the case of Linux you can get a programme chkrootkit (http://www.chkrootkit.org) that detects alterations to certain files and looks for rootkit signatures. This is necessary as a large number of hackers alter or modify log files to hide their access to the PC. Linux has very good activity logs, but you need to monitor them ;)
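The "detects alterations to certain files" part of what Gorela describes, and the "compare against something the rootkit can't tamper with" idea behind robsonde's proposals, both reduce to a baseline-and-verify integrity check. The following is an added Python example for this thread; it is not chkrootkit's own code, and the WATCHED file names and the sample file contents built in demo() are constructed stand-ins for real binaries.

```python
"""Baseline-and-verify integrity check for a small set of watched files.

Added example, not chkrootkit's code: take a SHA-256 baseline of files that
classic rootkits replace, re-hash them later, and report what changed.
The WATCHED names and the contents written by demo() are constructed.
"""
import hashlib
import os
import tempfile

# Illustrative names of binaries that user-land rootkits commonly replace.
WATCHED = ["ls", "ps", "netstat", "login"]


def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, names=WATCHED):
    """Return {name: sha256} for each watched file that exists under root."""
    manifest = {}
    for name in names:
        path = os.path.join(root, name)
        if os.path.isfile(path):
            manifest[name] = sha256_file(path)
    return manifest


def compare_manifests(baseline, current):
    """Classify differences between a stored baseline and a fresh manifest."""
    return {
        "modified": sorted(n for n in baseline if n in current and baseline[n] != current[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "added": sorted(n for n in current if n not in baseline),
    }


def demo():
    """Build a constructed 'bin' directory, baseline it, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        for name in WATCHED:
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"original " + name.encode())  # constructed stand-in for a binary
        baseline = build_manifest(root)

        # Simulated rootkit install: trojaned ls, login removed, extra binary dropped.
        with open(os.path.join(root, "ls"), "wb") as f:
            f.write(b"trojaned ls that hides the rootkit's files")
        os.remove(os.path.join(root, "login"))
        with open(os.path.join(root, "sshd"), "wb") as f:
            f.write(b"dropped binary")

        current = build_manifest(root, WATCHED + ["sshd"])
        return compare_manifests(baseline, current)


if __name__ == "__main__":
    print(demo())  # {'modified': ['ls'], 'missing': ['login'], 'added': ['sshd']}
```

The check is only as trustworthy as the path the bytes take to the hasher: a kernel-level kit that filters file reads, as the first post describes, can hand this script the original bytes while the trojaned ones sit on disk. That is exactly why robsonde's suggestions (a driver that reads the disk directly, or a scan that runs before kernel-mode drivers load) matter, and why the baseline should be stored offline and the verifier run from trusted media.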