
Rootkit author Killed !

SpannerITWks (Senior Member, United Kingdom, joined 14 August 2005)
Posted: 09 November 2006 at 12:15am

hf = Holy Father, the guy who coded the "hxdef" Hacker Defender Rootkit, died recently in a car crash! I wasn't convinced it was true at first, but I've since had it confirmed by "someone" who should know.

Whatever "some" people may think of him and his software, there's no doubt that he was talented. Not only that, his RKs, software and info etc. all impacted the way Operating Systems, AntiVirus etc. companies had to start to change and begin to try and improve their security more seriously. A lot has happened over the years, but more often than not, it's too little too late! Most of the improvements/suggestions and quality Apps etc. have come from smaller, lesser-known companies and individuals.

Rootkits were around in small numbers before hxdef appeared on the scene, but it was the release of hxdef that made things a lot easier for more people to take advantage of this technology, which indeed they did and have done so in increasing numbers ever since. This led to others coding their own RKs etc., and it's taken some time, but now they are almost "mainstream"!

What needs to be remembered is that RKs in themselves are not bad at all. It's the Payload that usually comes with it that can, and often does, do the damage etc. The RK's task is to hide/stealth both itself and the Payload. Not all RKs are 100% successful in doing both, or either, but even if they're not, they can be very hard to detect and remove. So that's why RKs are a clever invention, however much we despise the Payloads for all they do!

So a chapter in PC history has ended tragically, and I have to say that hf wasn't evil etc., he just enjoyed the challenge. Whatever others did with his and similar Tech wasn't of his doing! A gun in itself doesn't do anything whatsoever, it has to be loaded by Someone. Then it has to be pointed and fired by them to do Any damage. The RK is the gun, and the Payload is the bullet.

An announcement will be made shortly over on his website - http://www.hxdef.org/

Spanner

edit - typo Only



Edited by SpannerITWks - 09 November 2006 at 1:16am
Stay Safe - SpannerITWks/SpannerInTheWorks -
BOClean AntiMalware - http://www.nsclean.com/boclean.html
holifay (Senior Member, Italy, joined 22 June 2006)
Posted: 09 November 2006 at 7:30am
Thanks, Spanner, for this news. If it's true, it's really very sad, a loss for all people who like to know something more about their PCs.
Do you think to have an infected file? Send it to SuspectFile
Dragon (Groupie, joined 27 April 2006)
Posted: 09 November 2006 at 6:55pm
Are you really sure, Spanner, that it's a fact? Do you know that person well, who gave that comment on the mentioned site?

--
Dragon
SpannerITWks (Senior Member, United Kingdom, joined 14 August 2005)
Posted: 09 November 2006 at 8:24pm

Dragon

Hi,

Like I said, I didn't know quite what to make of it at first, so I asked if it was true before I decided to post anything else about it. ch0pper, who is known to me and hf and has been on the RK "scene" for some time, confirmed it.

If it turns out not to be correct after all, then it's all in Very bad taste indeed, and I'll have some words to say to a few people, and "some" people won't be trusted again. We'll have to wait and see what the "news" in the promised forthcoming announcement is.

Spanner

Dragon (Groupie, joined 27 April 2006)
Posted: 09 November 2006 at 9:12pm
We must wait and I'm sure that 2-3 weeks is enough time to post that kind of info on the main page.


Edited by Dragon - 09 November 2006 at 9:19pm
SpannerITWks (Senior Member, United Kingdom, joined 14 August 2005)
Posted: 10 November 2006 at 5:02am

holifay

Sorry I missed your post earlier! Yes, some people won't understand that hf and others have actually benefited the world of security. And many have and do learn by experimenting in attack mode, including the vendors!

Spanner

Karlchen (Senior Member, Germany, joined 18 June 2005)
Posted: 10 November 2006 at 1:08pm
Hi, Spanner,

I won't start an argument with you about how to judge a person like HF.
Yet if he died in a car crash then why did you choose a title which might as well suggest he was murdered?
Why not something like "Rootkit author died in a car crash"?

A gun in itself doesn't do anything whatsoever, it has to be loaded by Someone. Then it has to be pointed and fired by them to do Any damage.

This point of view is rather doubtful. But the arms industry will gladly quote your statement.

Just my 2 cents.

Karl


Edited by Karlchen - 10 November 2006 at 1:14pm
SpannerITWks (Senior Member, United Kingdom, joined 14 August 2005)
Posted: 10 November 2006 at 4:49pm

Karlchen

Hi,

Because in the UK anyway, this is often how we would describe such events: someone was killed by getting crushed in a car crash etc.! But I don't have a problem with your suggestion either.

Re the gun analogy -

I was talking about a handgun, not any big computer-controlled devices etc. So someone would have to physically do as I stated, otherwise it would just do nothing forever on its own.

As a general point about hf and the like: I expect not everyone may share my view on them, but the people that should Really be vilified are the ones behind the Zlobs/CWS/Gromozon etc. etc., and All that Spam and fake AS/AV programs etc. As far as I'm aware, hf had nothing to do with any of that ****

Anyway there's no doubt that hf is a part of RK history, and helped change the landscape, in more ways than one !

Spanner

Karlchen (Senior Member, Germany, joined 18 June 2005)
Posted: 10 November 2006 at 5:20pm
Hi, Spanner.

Let me state one thing clearly, in case somebody doesn't know: Your helping hand here in the forum is definitely much appreciated, by those you patiently helped get rid of some malware and by me, too.

Nonetheless, I disagree on the bias of this particular thread.

About the title: as English is not my native language it may be that the title sounded different to me than to native speakers.

About the guns: the difference between military weapons and handguns is just that handguns cannot be used to kill as many people in one stroke as the military weapons can. But whoever produces weapons cannot argue he does not know what they will be used for.

Much the same with rootkits. There is no such thing as a neutral rootkit, a rootkit without a malicious payload. A rootkit without a payload is a POC. Whoever develops and distributes a new rootkit can be sure there will be people adding different kinds of malicious payloads, even if he himself does not do so. He cannot argue he does not know what it will be used for precisely.

Praising the creator of rootkits for having contributed to a deeper understanding of computers and software is much like saying thanks to burglars because they demonstrate that wooden doors simply are not safe enough. Without burglars we would not need any safety doors and wooden doors would be good enough.

This is my personal point of view.

Kind regards,
Karl
SpannerITWks (Senior Member, United Kingdom, joined 14 August 2005)
Posted: 11 November 2006 at 12:26am

Karlchen

Hi there,

First off Thanx 4 the Thanx, much appreciated indeed !

I knew some people would have different views on this, as I said previously. But that's fine with me, it Really is, as progress in life is often made through looking at things laterally as well as logically etc.

Communicating with, as "some" might see it, "the enemy" can actually be more beneficial than ignoring them, hoping they'll go away, and calling them names etc. I'm not saying you have, of course, but many people do seem to take that rather unconstructive approach, which just doesn't work. In fact it makes things far worse, as it alienates them and creates a kind of war zone, which can get very nasty, and has in the past. Dialogue and understanding are the keys here to a brighter future, as, would you believe, even coders have hearts too!

4 Sure, "A rootkit without a payload is a POC". Still clever though, especially if coded correctly. And I certainly couldn't do it, and haven't even tried lol.

Guns can be used offensively or defensively ! Unfortunately we can't disinvent the wheel, as much as " some " may wish to, so we have to work around what we have and where we are.  Speaking of which, a vehicle can be used passively or aggressively, think 911.

Also RK's are not only used for crime etc, just remember the SONY fiasco, and similar Apps that use them for copying etc enforcement/protection.

Wooden doors are no good if there's a fire, steel etc is better ! I know what you mean though.

Our very own RootkitRevealer page - http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx - actually links to Real live RKs and info that can be used for whatever!

Right there in the Introduction it has Direct link to rk.com -

" RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). "

-

At the bottom of the same page are more Direct links to RK's and further info etc -

Rootkit Resources

" The following Web sites and books are sources of more information on rootkits:

www.rootkit.com

This site contains sample code for a number of user-mode and kernel-mode rootkits as well as ongoing discussions on how to develop rootkits.

http://www.phrack.org/

This site stores the archive of Phrack, a cracker-oriented magazine where developers discuss flaws in security-related products, rootkit techniques, and other malware tricks. "

-

Actually it was someone else who mentioned "a deeper understanding of computers" etc., but I acknowledge I agreed, and also included my own thoughts too.

Spanner
