Topic Closed: Z0mBiE rootkit

EP_X0FF
Senior Member
Joined: 08 March 2006
Location: Russian Federation
Status: Offline
Points: 4758
Topic: Z0mBiE rootkit
Posted: 27 February 2008 at 4:18am
Does anyone have links to this software?
Chinese server must be under heavy DDOS, I can't d/l IceSword from PJF site.

Thanks.


Edited by EP_X0FF - 29 February 2008 at 6:21am
a_d_13
Senior Member
Joined: 08 September 2007
Status: Offline
Points: 268
Posted: 27 February 2008 at 5:35am
Here's a Rapidshare link.
 
The site seems to be alive (according to nmap), but it's REALLY slow.... 
 
Thanks,
--AD
EP_X0FF
Senior Member
Joined: 08 March 2006
Location: Russian Federation
Status: Offline
Points: 4758
Posted: 27 February 2008 at 6:17am
Thank you very much, I got the file. Just to test one interesting concept of user mode rootkit :)


Edited by EP_X0FF - 27 February 2008 at 6:29am
a_d_13
Senior Member
Joined: 08 September 2007
Status: Offline
Points: 268
Posted: 27 February 2008 at 6:52am
No problem :)
What concept are you testing, if I may ask?
 
 
Thanks,
--AD
EP_X0FF
Senior Member
Joined: 08 March 2006
Location: Russian Federation
Status: Offline
Points: 4758
Posted: 27 February 2008 at 6:56am
User land rootkit, which hides its process from almost all detectors, except the most advanced ones. No hooks, no drivers. Just a concept for Windows XP SP2. This is the result of a dispute with my friend. I can post it here when I finish it (the last thing I must do is bypass BlackLight and IceSword v1.22).
Elite
Senior Member
Joined: 15 April 2007
Location: United States
Status: Offline
Points: 175
Posted: 27 February 2008 at 8:13am
LOL

Can't wait.
4 > 1
EP_X0FF
Senior Member
Joined: 08 March 2006
Location: Russian Federation
Status: Offline
Points: 4758
Posted: 27 February 2008 at 8:42am
I can make it multiplatform, add support for Windows 2003, Vista and Windows 2008, but I doubt that this is really needed.

added:
Done, latest BlackLight and IceSword v1.22en bypassed.


Edited by EP_X0FF - 27 February 2008 at 9:09am
SystemPro
Senior Member
Joined: 26 April 2007
Location: Germany
Status: Offline
Points: 520
Posted: 27 February 2008 at 1:00pm
Quote: "User land rootkit, which hides its process from almost all detectors, except the most advanced ones. No hooks, no drivers. Just a concept for Windows XP SP2."
Blue Pill-like, I guess.
EP_X0FF
Senior Member
Joined: 08 March 2006
Location: Russian Federation
Status: Offline
Points: 4758
Posted: 27 February 2008 at 4:19pm
No Blue Pills and other VT related idiocy. Just a little user land code.
Schtrudel
Newbie
Joined: 15 November 2005
Location: Israel
Status: Offline
Points: 35
Posted: 28 February 2008 at 2:54pm
Are you bypassing all the actual ARKs with a userland RK?
Wow! I thought we already passed this point...
When are you posting a proof of concept?