Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Best rootkit for win7?
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 10-21-2010, 17:45
suddenLy suddenLy is offline
Friend
  
Join Date: Jan 2005
Posts: 62
Rept. Given: 2
Rept. Rcvd 3 Times in 3 Posts
Thanks Given: 3
Thanks Rcvd at 9 Times in 8 Posts
suddenLy Reputation: 3
Best rootkit for win7?
I'm wondering BEST rootkit exists on win7.

Have any idea?
Reply With Quote
  #2  
Old 10-21-2010, 18:25
sendersu sendersu is offline
VIP
  
Join Date: Oct 2010
Posts: 1,305
Rept. Given: 337
Rept. Rcvd 237 Times in 127 Posts
Thanks Given: 340
Thanks Rcvd at 652 Times in 357 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
Windows 7 64 does not allow every driver to get into kernel memory region due to a very strict digital signature check. If the driver has not been digitally signed, Windows won't allow it to be loaded.
So I guess you are rather asking about new modern way - a bootkit?

Probably #1 is TDL3
Reply With Quote
  #3  
Old 10-27-2010, 03:27
Archer's Avatar
Archer Archer is offline
retired
  
Join Date: Aug 2005
Posts: 243
Rept. Given: 1
Rept. Rcvd 46 Times in 19 Posts
Thanks Given: 3
Thanks Rcvd at 387 Times in 57 Posts
Archer Reputation: 46
TDL x64 was found ITW for about a month ago.
Reply With Quote
  #4  
Old 10-27-2010, 10:23
JeRRy's Avatar
JeRRy JeRRy is offline
VIP
  
Join Date: Oct 2010
Posts: 121
Rept. Given: 89
Rept. Rcvd 205 Times in 72 Posts
Thanks Given: 14
Thanks Rcvd at 26 Times in 12 Posts
JeRRy Reputation: 200-299 JeRRy Reputation: 200-299 JeRRy Reputation: 200-299
Nice quote , sendersu :P

http://www.prevx.com/blog/154/TDL-rootkit-x-goes-in-the-wild.html
Last edited by JeRRy; 10-27-2010 at 10:28.
Reply With Quote
  #5  
Old 10-27-2010, 15:02
STRELiTZIA
 
Posts: n/a
_http://www.kernelmode.info/forum/viewtopic.php?f=16&t=19&start=660
Reply With Quote
  #6  
Old 10-30-2010, 04:47
Fyyre's Avatar
Fyyre Fyyre is offline
Fyyre
  
Join Date: Dec 2009
Location: 0°N 0°E / 0°N 0°E / 0; 0
Posts: 295
Rept. Given: 106
Rept. Rcvd 93 Times in 44 Posts
Thanks Given: 203
Thanks Rcvd at 397 Times in 130 Posts
Fyyre Reputation: 93
Quote:
Originally Posted by suddenLy View Post
I'm wondering BEST rootkit exists on win7.

Have any idea?
Best, in terms of what? TDL3 wins at being another bootkit/signing hack/patchguard kill... but is not exactly usable
Reply With Quote
  #7  
Old 03-06-2011, 21:07
SLV SLV is offline
Friend
  
Join Date: May 2005
Posts: 62
Rept. Given: 3
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 5
Thanks Rcvd at 2 Times in 2 Posts
SLV Reputation: 4
Don't mix w7 and x64, w7x86 allows to load unsigned drivers, so many driver trojans use it as well.
Reply With Quote
  #8  
Old 03-08-2011, 08:04
Fyyre's Avatar
Fyyre Fyyre is offline
Fyyre
  
Join Date: Dec 2009
Location: 0°N 0°E / 0°N 0°E / 0; 0
Posts: 295
Rept. Given: 106
Rept. Rcvd 93 Times in 44 Posts
Thanks Given: 203
Thanks Rcvd at 397 Times in 130 Posts
Fyyre Reputation: 93
no mixing, no fun. besides... i patched that months ago.

-Fyyre

Quote:
Originally Posted by SLV View Post
Don't mix w7 and x64, w7x86 allows to load unsigned drivers, so many driver trojans use it as well.
Reply With Quote
The Following User Gave Reputation+1 to Fyyre For This Useful Post:
SLV (03-08-2011)
  #9  
Old 03-08-2011, 18:00
SLV SLV is offline
Friend
  
Join Date: May 2005
Posts: 62
Rept. Given: 3
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 5
Thanks Rcvd at 2 Times in 2 Posts
SLV Reputation: 4
It's a dirty hack and can't be used in commercial (or malware lol) software because one day ms may publish a new version of system files and u will loose all ur customers (bots). The best way nowdays is to infect MBR or something not far from.
Reply With Quote
  #10  
Old 03-24-2011, 08:53
ch0pper
 
Posts: n/a
probably the best for windows was Hacker defender back in the day.

but if you incorporate the stoned boot kit and take elements from Hacker defender you can have an awesome Windows 7 64 bit rootkit

http://www.stoned-vienna.com/
Reply With Quote
The Following User Gave Reputation+1 to For This Useful Post:
Molasar (03-25-2011)
  #11  
Old 03-25-2011, 08:52
Molasar Molasar is offline
VIP
  
Join Date: May 2002
Posts: 148
Rept. Given: 177
Rept. Rcvd 13 Times in 9 Posts
Thanks Given: 53
Thanks Rcvd at 11 Times in 9 Posts
Molasar Reputation: 13
ch0pper: Have you seen sources for the TDL4 bootkit?
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Process hiding with SSDT modification in x64 Win7 31337guru x64 OS 3 05-03-2012 18:16


All times are GMT +8. The time now is 01:06.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )