
18 April 2005

"Rootkits" (via the LangaList) 


Hi Fred: Can you point to any articles you've done on "rootkits" and their removal? See: http://tinyurl.com/3uc8a Thanks, Michael H. Bell

A timely question, Michael--- there's growing activity in this area. A "rootkit" is a kind of software that activates each time the system boots. Malware installed as a rootkit is hard to find and very difficult to control because it's up and running before most of the rest of the OS is ready; and certainly before the user interface is up. Rootkits can be a problem for 2K/XP and Unix-like OSes (including Linux, Mac OSX, etc.).

End-user tools are only just now becoming available for this class of malware; most presume a fair degree of knowledge on the part of the user. Examples:

http://research.microsoft.com/rootkit/
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
http://weblogs.asp.net/robert_hensing/archive/2005/01/14/353156.aspx
http://www.rootkit.com (Not responding; see blog above, Ben)
http://www.diamondcs.com.au/processguard/
http://www.diamondcs.com.au/processguard/index.php?page=attack-rootkits
http://www.advances.com/software/rootkitshark.htm
http://www.google.com/search?q=rootkit
Reader Richard Schimpff also contacted me about rootkits and provided some links, including this: http://www.eweek.com/article2/0,1759,1785621,00.asp (Thanks, Richard!)

There's sure to be more activity in this area in the future: Stay tuned!
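The detectors linked above (RootkitRevealer is the best-known Windows one) rely on a cross-view comparison: list the same objects through two independent paths and report anything one path shows that the other hides. The following is an added example written for this post, not code from the LangaList reply or from any of the tools listed; it applies the same idea to processes on Linux, comparing the kernel's answer to `kill(pid, 0)` against the directory names under `/proc`. All function names are this example's own.

```python
"""Cross-view detection of hidden processes on Linux (added example).

Two independent inventories of the same objects are taken: the kernel's reply
to kill(pid, 0) for every candidate pid (raw view) and the numeric entries under
/proc (API-level view). A rootkit that filters procfs listings still has to
leave the protected process alive in the kernel's pid table, so the two views
disagree exactly on what it hides. Function names here are this example's own.
"""
import os
import re

_NUMERIC = re.compile(r"^\d+$")


def cross_view_diff(api_view, raw_view):
    """Pure comparison of two inventories.

    Returns (hidden, phantom): ids present in the raw view but missing from the
    API view (candidate hidden objects), and ids only the API view reports.
    """
    api, raw = set(api_view), set(raw_view)
    return sorted(raw - api), sorted(api - raw)


def procfs_pids(proc_root="/proc"):
    """API-level view: every numeric entry under /proc plus every thread id
    under /proc/<pid>/task. Including threads matters because kill() also
    answers for thread ids, which would otherwise look like hidden processes."""
    ids = set()
    for name in os.listdir(proc_root):
        if not _NUMERIC.match(name):
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(f"{proc_root}/{name}/task"))
        except OSError:
            pass  # the process exited between the two listings
    return ids


def probe_pids(candidates):
    """Raw view: ask the kernel directly, one pid at a time, with signal 0.

    Success and EPERM both mean the id is live in the kernel's pid table;
    ESRCH means it is not. POSIX only: on Windows os.kill(pid, 0) terminates
    the process instead of probing it, so refuse to run there.
    """
    if os.name != "posix":
        raise RuntimeError("signal-0 probing is only meaningful on POSIX")
    live = set()
    for pid in candidates:
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue            # ESRCH: no such process
        except PermissionError:
            pass                # EPERM: exists, owned by someone else
        live.add(pid)
    return live


def pid_max(proc_root="/proc"):
    """Upper bound of the pid space, read from the kernel."""
    with open(f"{proc_root}/sys/kernel/pid_max") as fh:
        return int(fh.read())


def find_hidden_pids(rounds=2, limit=None):
    """Report pids that are live per kill() but absent from /proc in every
    round. Repeating the comparison filters out processes that started or
    exited between the two enumerations of a single round."""
    upper = limit or pid_max()
    persistent = None
    for _ in range(rounds):
        hidden, _phantom = cross_view_diff(procfs_pids(), probe_pids(range(1, upper + 1)))
        hidden = set(hidden)
        persistent = hidden if persistent is None else persistent & hidden
    return sorted(persistent)


def self_pid_visible_to_probe():
    """Sanity check: the probe must see the interpreter running it.
    Trivially True where probing is unsupported (non-POSIX)."""
    if os.name != "posix":
        return True
    me = os.getpid()
    return me in probe_pids([me])


if __name__ == "__main__":
    suspects = find_hidden_pids()
    print("hidden pids:", suspects if suspects else "none")
```

Run it as root to avoid EPERM noise being misread (the probe already treats EPERM as "alive", so unprivileged runs still work, just slower on large pid spaces). A non-empty result is a lead, not a verdict: confirm it from a clean boot medium before drawing conclusions, since a kernel-level rootkit can in principle lie to both views.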
