#1
Best rootkit for win7?
I'm wondering what the BEST rootkit for win7 is.
Have any idea?
#2
Windows 7 64 does not allow every driver to get into kernel memory region due to a very strict digital signature check. If the driver has not been digitally signed, Windows won't allow it to be loaded.
So I guess you are rather asking about the new modern way - a bootkit? Probably #1 is TDL3
#3
TDL x64 was found ITW about a month ago.
#4
Nice quote, sendersu :P
http://www.prevx.com/blog/154/TDL-rootkit-x-goes-in-the-wild.html
Last edited by JeRRy; 10-27-2010 at 10:28.
#5
_http://www.kernelmode.info/forum/viewtopic.php?f=16&t=19&start=660
#6
Best, in terms of what? TDL3 wins at being another bootkit/signing hack/patchguard kill... but is not exactly usable
#7
Don't mix w7 and x64, w7x86 allows loading unsigned drivers, so many driver trojans use it as well.
#8
The Following User Gave Reputation+1 to Fyyre For This Useful Post: SLV (03-08-2011)
#9
It's a dirty hack and can't be used in commercial (or malware lol) software because one day ms may publish a new version of system files and u will lose all ur customers (bots). The best way nowadays is to infect MBR or something not far from.
#10
Probably the best for Windows was Hacker Defender back in the day.
But if you incorporate the Stoned bootkit and take elements from Hacker Defender you can have an awesome Windows 7 64 bit rootkit http://www.stoned-vienna.com/
#11
ch0pper: Have you seen sources for the TDL4 bootkit?