Windows Rootkits
GuidoJ writes "The Register is running an article by Kevin Poulsen of SecurityFocus Online about rootkits in Windows NT. While rootkits are a well-known issue in Unix and Linux systems, they have rarely been found on compromised Windows machines. According to the article, Windows NT backdoors have always been 'trivial', and they have caused enough havoc already. Imagine what a stealthy rootkit could do!"
And all this time (Score:5, Funny)
Roots on Windows aren't as l337 (Score:2, Funny)
Watch as I type edit and the screen goes blank!
Is this new??? (Score:4, Funny)
This shows that Windows (Score:4, Funny)
Internet Explorer is a rootkit? (Score:5, Funny)
Heh...that's one way to decrease install size.. (Score:4, Funny)
"The stealth driver in my mind is the scary concept," says Mertens. "You can hide an elephant with it."
So the first thing they do is hide the \winnt folder?
Let's pretend I'm on linux... (Score:2, Funny)
So what about this is more difficult than windows? An API must exist for a driver to be loaded, therefore it can be exploited. The tool that interacts with a user installing a driver uses this API; the rootkit bypasses all possible interaction (and uses its privileged position to hide its existence).
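The comment above makes the point that a driver has to be registered through the same service machinery a legitimate installer uses. As an added example (not code from the article or from the poster), this PowerShell script walks that registration point from the defender's side: it enumerates every kernel and file-system driver service under HKLM\SYSTEM\CurrentControlSet\Services, resolves the image path to a file, and reports any driver whose file is missing or whose Authenticode signature is not valid. The registry key, the Type/Start value meanings and the path prefixes are documented Windows conventions; the function and variable names are this example's own.

```powershell
# Added example: cross-check registered driver services against their on-disk files.
# Run in an elevated PowerShell on Windows; nothing here is from the original article.
$svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$sysRoot = $env:SystemRoot

# ImagePath for drivers is stored in several forms; normalise to a Win32 file path.
function Resolve-DriverPath([string]$imagePath) {
    if (-not $imagePath) { return $null }
    $p = $imagePath.Trim('"')
    if ($p -match '^\\\?\?\\(.*)$')       { return $Matches[1] }                 # \??\C:\...
    if ($p -match '^\\SystemRoot\\(.*)$')  { return (Join-Path $sysRoot $Matches[1]) }  # \SystemRoot\System32\...
    if ($p -match '^[A-Za-z]:\\')          { return $p }                         # already absolute
    return (Join-Path $sysRoot $p)                                               # relative to %SystemRoot%
}

Get-ChildItem $svcKey | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    # Type 1 = kernel driver, 2 = file-system driver. Start 4 = disabled, so skip it.
    if ($props.Type -notin 1, 2 -or $props.Start -eq 4) { return }
    $file = Resolve-DriverPath $props.ImagePath
    $status = if ($file -and (Test-Path -LiteralPath $file)) {
        (Get-AuthenticodeSignature -FilePath $file).Status
    } else {
        'MISSING'
    }
    [pscustomobject]@{
        Service   = $_.PSChildName
        Start     = $props.Start
        Path      = $file
        Signature = $status
    }
} | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

Caveat: this only sees what the registry and the file system report. A resident kernel-mode rootkit that filters registry enumeration or file reads, which is exactly the "stealth driver" the article describes, can hide its own entry from a check like this; the value of the script is in catching the unsigned or orphaned driver entries that a cruder backdoor leaves behind, and in giving you a baseline to diff against an offline view of the same hive.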
Re:Internet Explorer is a rootkit? (Score:2, Funny)
"Also known as 'kernel mode Trojans,' root kits are far more sophisticated than the usual batch of Windows backdoor programs that irk network administrators today. The difference is the depth at which they control the compromised system."
Silly article, sensationalism and slim facts (Score:2, Funny)
Jon Littman wrote an interesting book about Kevin Mitnick entitled The Fugitive Game. In it he partly addresses the situation of an FBI informant and not-so-l33t hax0r, Kevin Poulsen [nerdworldnj.com]. 100 to 1 this is the same l33t hax0r. Way back in the day--1990--Poulsen was described as not very l33t:
Now I grant you that 13 years is a lot of time for someone to change and learn to abandon stupid sensational media tactics. But look at the substance of the linked slashdot article: "I wrote a rootkit for Windows, I'm cool, and I ran a script kiddie workshop [blackhat.com] so lots of people can do it! By the way, I screwed up the old code. But the new ones the evil hax0rs will make will be really bad. .. So hire me as a consultant!"...um, yeah, right.
Terminology (Score:4, Funny)
Re:Is this new??? (Score:1, Funny)
No, it's called Outlook Express.
Not very much of a sysadmin is he? (Score:5, Funny)
Re:rootkit my ass (Score:3, Funny)
Why install a rootkit? (Score:3, Funny)
If it were me, I would just find a buffer overflow, and have some fun..
Re:No need to run Windows as an Administrator (Score:2, Funny)
Windows Rootkit (Score:3, Funny)
His name is Kevin Poulsen... (Score:1, Funny)
His name is Kevin Poulsen...
His name is Kevin Poulsen...
Re:How do you know Bill didn't? (Score:5, Funny)
Re:How to clean boot Windows? (Score:2, Funny)
Re:How do you know Bill didn't? (Score:2, Funny)
I heard that they put code in Windows XP that will drink your last beer, leave the toilet seat up, and sleep with your wife while you are at work.
installing a Windows rootkit (Score:3, Funny)
The very best line from the article: (Score:4, Funny)