Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Rootkits

Posted by michael on from the every-box-should-have-one dept.

GuidoJ writes "The Register is running an article by Kevin Poulsen of SecurityFocus Online about rootkits in Windows NT. While rootkits are a well-known issue in Unix and Linux systems, they have rarely been found on compromised Windows machines. According to the article, Windows NT backdoors have always been 'trivial', and they have caused enough havoc already. Imagine what a stealthy rootkit could do!"

19 of 322 comments (clear)

  1. And all this time by antis0c · · Score: 5, Funny

    I thought Windows WAS a rootkit.

    --

    ..There's a-dooin's a-transpirin'
  2. Roots on Windows aren't as l337 by numbski · · Score: 2, Funny

    What I mean, is that what are you going to do from a windows remote terminal? I mean honestly, it's not that cool to have a windows terminal server session open (presuming that service is even set up), and even though you can telnet into windows, hacking in DOS just isn't 1337 enough. :P

    Watch as I type edit and the screen goes blank!

    --

    Karma: Chameleon (mostly due to the fact that you come and go).

  3. Is this new??? by TopShelf · · Score: 4, Funny

    I thought this was called "Windows Update"...

    --
    Stop by my site where I write about ERP systems & more
    1. Re:Is this new??? by Anonvmous+Coward · · Score: 1, Funny

      "I thought this was called "Windows Update"..."

      No, it's called Outlook Express.

  4. This shows that Windows by ksheka · · Score: 4, Funny

    ...is approaching parity with Linux.

    --
    alias uptime="echo '5:33pm up 22342352324 days, 6:28, 2124315623 users, load average: 2432.40, 12312.31, 123123.19'"
  5. Heh...that's one way to decrease install size.. by A_Non_Moose · · Score: 4, Funny

    quote:
    "The stealth driver in my mind is the scary concept," says Mertens. "You can hide an elephant with it."

    So the first thing they do is hide the \winnt folder?
    .

    --
    Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
  6. Let's pretend I'm on linux... by pr0ntab · · Score: 2, Funny

    Aha! I compromised a process running as root (for example). What shall I do now? I know, I'll insmod IHAX0REDUGOOD.so after dld'ng it from my xoom.com warez page. Oooh, now I can install zombieslaved and use IHAX0REDUGOOD to prevent anyone from seeing it.

    So what about this is more difficult than windows? An API must exist for a driver to be loaded, therefore it can be exploited. The tool that interacts with a user installing a driver uses this API, the rootkit bypasses all possible interaction (and uses its priveledged position to hide its existance)

    --
    Fuck Beta. Fuck Dice
  7. Silly article, sensationalism and slim facts by AEton · · Score: 2, Funny

    Jon Littman wrote an interesting book about Kevin Mitnick entitled The Fugitive Game. In it he partly addresses the situation of an FBI informant and not-so-l33t hax0r, Kevin Poulsen. 100 to 1 this is the same l33t hax0r. Way back in the day--1990--Poulsen was described as not very l33t:

    Their UNIX expertise was not high....I got the feeling these were guys not used to thinking in terms of multiuser systems, not being alert to the fact that "who"s and "ps"s casually invoked by someone else could expose them.

    Now I grant you that 13 years is a lot of time for someone to change and learn to abandon stupid sensational media tactics. But look at the substance of the linked slashdot article : "I wrote a rootkit for Windows, I'm cool, and I ran a script kiddie workshop so lots of people can do it! By the way, I screwed up the old code. But the new ones the evil hax0rs will make will be really bad. .. So hire me as a consultant!"...um, yeah, right.

    --
    We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
  8. Terminology by gmuslera · · Score: 3, Funny

    For what the article say, it is more a BSODkit than anything else.

  9. Re:rootkit my ass by Anonymous Coward · · Score: 3, Funny

    But why would you do that? Delerious you are! That would be so hard to command.Compare that to a simple telnet session.

  10. Why install a rootkit? by CoyoteGuy · · Score: 3, Funny

    Why install a rootkit when there are so many other, much easier vulnerabilities to exploit? I mean, come on... What haxx0r has time to write a rootkit, when they have oodles of options at their fingertips? It's the difference between a script kiddie and a real h@xx0r..

    If it were me, I would just find a buffer overflow, and have some fun..

    --
    Slashdot.. Land of nerds, trolls, and FlameBait..
  11. Re:No need to run Windows as an Administrator by g0hare · · Score: 2, Funny

    hey, be careful, actually knowing how w2k and xp work could get you banned from slashdot.

    --
    Vote Quimby!
  12. Windows Rootkit by Sgs-Cruz · · Score: 2, Funny

    A simple windows r00tkit can be found here. :)

    --

    Karma: pi (Mostly due to circular reasoning in posts).

  13. His name is Kevin Poulsen... by Anonymous Coward · · Score: 1, Funny

    His name is Kevin Poulsen...

    His name is Kevin Poulsen...

    His name is Kevin Poulsen...

  14. Re:How do you know Bill didn't? by Imperator · · Score: 4, Funny
    With closed source code, how do you know that there isn't a root kit included?
    Because China is getting access to the code, and if there's one code review team to make Microsoft trustworthy, it's the Chinese government.
    --

    Gates' Law: Every 18 months, the speed of software halves.
  15. Re:How to clean boot Windows? by Jmstuckman · · Score: 2, Funny

    Did you ever try to boot a CD-R on a machine that doesn't support bootable CD's? It's not much fun.

  16. Re:How do you know Bill didn't? by t0ny · · Score: 2, Funny
    With closed source code, how do you know that there isn't a root kit included?

    I heard that they put code in Windows XP that will drink your last beer, leave the toilet seat up, and sleep with your wife while you are at work.

    --

    Manipulate the moderator system! Mod someone as "overrated" today.

  17. installing a Windows rootkit by g4dget · · Score: 2, Funny

    Is that like pouring a bucket of water into the ocean? Or bringing a boxed lunch to an all-you-can-eat buffet?

  18. The very best line from the article: by shrikel · · Score: 3, Funny

    "I'm absolutely, one hundred percent positive that there's probably ten more that we haven't seen publicly,"

    --
    Any sufficiently simple magic can be passed off as mere advanced technology.