Monday, October 10, 2005

Commercial version of Hacker Defender rootkit now available

Mikko writes over on the F-Secure "News from the Lab" Blog:

...we received the first sample of Golden Hacker Defender around a month ago. This is the commercial private version of the Hacker Defender rootkit. Bad boys are purchasing this tool in order to hide their tracks...and might pay over 500 EUR for it, depending on the features.

The sample we got was found by a company from several of their Windows servers. The discovery was made while they were testing the latest beta version of BlackLight.

The most notable feature of this non-public Golden Hacker Defender is its anti-detection engine. It is able to bypass most of the modern rootkit detectors. The anti-detection engine identifies detectors through a binary signature before the detector has a chance to execute. If the signature matches, the rootkit can disable some of its hooks or it can patch the detector's binary to modify its functionality.

In this case, detection was possible because the intruder had not yet updated his/her rootkit to include the signature of our latest BlackLight release.
