Bind Rootkits with Trojan servers??


Post by greenguyy2 »

Hello, the point of rootkits is to bind them with trojans to make them undetectable?


Post by DNR »

Trojans are used to drop a payload, whether it's a rootkit or some simple malware.

The point of a rootkit is to allow a backdoor - so you can get back into the computer/server.

If you have already gained access to a server, you don't need a trojan to install the rootkit.

Check the forum for binder/rootkit threads

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.


Post by greenguyy2 »

Yeah, I mean, for instance, a RAT program like Poison Ivy: say you have made a server. Can you use a binder to bind the rootkit with it to make it undetectable?


Post by Swan »

Of course... what they do, and how they do it, is (as I referred to previously in your other thread) entirely contingent on the author.
To the wicked, I am merely too knowledgeable in their ways.


Post by DNR »

Watch the area you are trying to understand - undetectable is a general term - some things are UD under only certain circumstances. Undetectable under what circumstance? It might pass an AVP screen, but under scrutiny under Process Explorer - and an experienced eye - maybe not.

DNR


Post by greenguyy2 »

I'm saying, in general, is the point of a rootkit to bind with something to make it undetectable?


Post by DNR »

No.

The rootkit is UD based on where you hide it, what processes have been corrupted to allow your backdoor to exist.

Rootkits depend on the OS, as they are specific to where to hide or what processes they need to attach to.

You can install a rootkit without a trojan.
Rootkits, like trojans and viruses, do have a signature or heuristic behavior that can be detected by firewalls or AVPs. So the idea is to alter its behavior to make it UD, to have it attach to a legit process that has been validated by an AVP or firewall.

DNR


Post by greenguyy2 »

I'm still not getting it.


Post by bad_brain »

Many people confuse this a little: a rootkit is usually not something that is used to compromise a system in the first place... it is used when the system is compromised already, to grant stealth access to the system in the future.
So it's nothing you can send, the "victim" clicks on it and voila: system compromised! You need system access first in order to install it... :wink:
