Shadow Walker Root Kit Eats Anti-Virus for Breakfast
Source Title:
'Shadow Walker' Pushes Envelope for Stealth Rootkits
Story Text:
A revolutionary stealth root kit dubbed "Shadow Walker" that was demonstrated at the Black Hat security conference in Vegas this week can waltz right into your PC under the noses of even the most sophisticated anti-virus software.
The proof-of-concept, dubbed Shadow Walker, is a modification of Butler's FU rootkit, a kernel-level program capable of hiding processes and elevating process privileges. The rootkit uses DKOM (Direct Kernel Object Manipulation) to fake out the Windows Event Viewer to make forensics virtually impossible and can also hide device drivers
anti-virus scanners must "completely revamp" existing rootkit detection technologies
Comments
Hmm.
Seems to me that anti-virus is different than anti-breakin, but what do I know?
A Virus
has to "break in" before it can do its thing.
This is some scary shit.
No defenses against this at all right now. Goes past the best firewall and anti-virus like it is not even there...