Friday, October 21, 2005

Commercial Rootkits Make NSM Even More Relevant

Last month I posted "Rootkits Make NSM More Relevant Than Ever." A few weeks ago I spoke at a Cisco training event attended by over 400 sales engineers and broadcast to several hundred more. I built my presentation on the "NSM, Now More Than Ever" theme. Since Cisco is a network infrastructure company, my message resonated with them. I would have delivered the same message to Microsoft if asked, but I am not a 31337 BlueHat h@x0r.

Today I learned through Tom Sanders' story "Rootkit creators turn professional" about Golden Hacker Defender (GHD). GHD is a modification of the freely available Windows userland rootkit Hacker Defender (HD) by holy_father. Buyers can customize HD to suit their needs, which usually involves evading detection.

For example, the ultimate form of HD is listed as Brilliant Hacker Defender Forever, shown in the following screen capture. The cost is 900 Euro, or 1,077.09 USD at today's rates.

Anti-virus company F-Secure brought this product to light in a recent blog posting. F-Secure's BlackLight product tries to detect rootkits; alternatives include RootkitRevealer by SysInternals and Microsoft's Strider Ghostbuster.

Blogger PABlo promises more coverage on rootkits, which I intend to follow.
