After Microsoft Warns of New Security Threat System monitoring programs, called rootkits, may pose a serious danger to your PC. it is time to see what offering is available to protect our PCs...

A root kit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes. Root kits exist for a variety of operating systems such as Linux, Solaris, and versions of Microsoft Windows
. [WikiPedia]

The windows rootkit threat has never been so high as today: Rootkit creators turn professional
All major antivirus software are now starting to provide solutions with more or less sucess:
  • Symantec Hacktool.Rootkit comprises a set of programs and scripts that work together to allow attackers to break into a system. If Hacktool.Rootkit is detected on a system, it is very likely that an attacker has gained complete control of that system. All files that are detected as Hacktool.Rootkit should be deleted. Infected systems may need to be restored from backups or patched to restore security.
  • Sysinternal is a company more known for his hacking or developer tool, but they have been the first to give away a free rootkit revealer and detection program.
  • F-Secure Corp has added rootkit-detection features to its product suite: F-secure Blacklist
  • Microsoft Strider Ghostbuster is a future tool from the Giant.


The only problem is that the only solution is to restore your system by using a "non corrupted" os version (the problem is to have enough backup)...

Also do not forget to visit the biggest community (33 000 users) at www.rootkit.com


comments powered by Disqus

You might like also

Thief acting on forums
  I was contacted 2 days ago by a thief. This technique is quite old (at least 3 years) but always worth mentioning. Your bank will credit the amount in a few days but. . . the certified check is a stolen one that will take 3 to 4 week to be rejected by your bank. Enough time for robber to get the item and some money from you (they will pick up the item and ask for the shipping …
3353 Days ago
Joomla 1.5.13 Security Release Available
The Joomla Project announces the immediate availability of Joomla 1.5.13 [Wojmamni ama baji]. This is a security release and users are strongly encouraged to upgrade immediately. This release contains 26 bug fixes, two moderate-level security fixes and one low-level security fix. It has been 3 weeks since Joomla 1.5.12 was released on July 1, 2009. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community. Statistics Statistics for the 1.5.13 release period: Joomla …
3469 Days ago
Acunetix free edition now available
I will use it on my host very soon, if you have your own root server, this tool must be part of your administrator toolbox. Joomla! team use it to test the core framework, so we should be on the safe side, unfortunately we are are all using too many plug-ins that may be unsecure.. Here is how a report generated using Acunetix WVS look like (PDF - 1.5MB). Acunetix Web Vulnerability Scanner automatically scans your web applications / website …
3538 Days ago
Secure, Safe, Fast Linux Hosting v1.4.0
This list is an ongoing work and since the version 1.0 (01 March 2008), a lot of nodes/ideas and now links have been added. The tree is also now a  lot more structured... Secure, Safe, Fast Linux Hosting sound silly as nothing can be fast and secure at the same time, but I've compiled a list of things that are worth doing if you are maintaining your own server. This list is clearly targeted for people running an open source …
3735 Days ago
No Thumbnail was found
This list is an ongoing work and since the version 1.0 (01 March 2008), a lot of nodes/ideas have been added. Secure, Safe, Fast Linux Hosting sound silly as nothing can be fast and secure at the same time, but I've compiled a list of things that are worth doing if you are maintaining your own server. This list is clearly targeted for people running an open source stack made of Apache, MySQL, PHP and Linux. By clicking read more, …
3783 Days ago
No Thumbnail was found
First let's refresh some definitions...set user ID (SUID) The SUID permission causes a script to run as the user who is the owner of the script, rather than the user who started it. It is normally considered extremely bad practice to run a program in this way as it can pose many security problems. set group ID (SGID) The SGID permission causes a script to run with its group set to the group of the script, rather than the group …
3791 Days ago
No Thumbnail was found
Windows Vista includes a new defense against buffer overrun exploits called address space layout randomization. ASLR. is just a way to hide insecure code, and make harder automated attacks on millions of machine except if....but I will come on that laterAddress space layout randomization (ASLR) is a computer security technique which involves arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, randomly in a process' address space.[WIKIPEDIA] In …
4403 Days ago
No Thumbnail was found
IBM Alphaworks have release a library for supporting the IETF SSH-2 protocol aka SSH (WikiPedia)IBM Secure Shell Library for Java is a lightweight implementation of the IETF SSH-2 protocol. The library currently implements only the basic SSH features such as password log-in and command execution. Advanced features such as tunning and X-forwarding are currently not supported. …
4751 Days ago
No Thumbnail was found
The National Security Agency (NSA)NSA/ Central Security Service (NSA/CSS) is a United States government agency responsible for both the collection and analysis of message communications, and for the security of government communications against similar agencies elsewhere. It is a part of the Department of Defense. ... ) [WikiPedia]has developed and distributed configuration guidance for Microsoft Windows NT and Windows 2000 in the form of configuration guides. These guides are currently being used throughout the government and by numerous entities as …
4834 Days ago
No Thumbnail was found
Some examples of what is going on in online eBanking applications securities...Lloyds TSB is going from a 2 stage login system to a securid (2 stage login definition at WikiPedia)in order to reduce online fraud...First, users must enter a username and password. Then, on a second screen, they are asked to use drop-down menus to choose three letters from a self-chosen memorable piece of information. The aim of using menus rather than the keyboard has been to defeat so-called "keyloggers", …
4838 Days ago