Thursday, January 19, 2012

CPE: McAfee AudioParasitic: Episode 6: Rootkit technology

length: 00:18:40

Scanning the system while it is running is probably not the best way to detect a rootkit…
Depending on the complexity of the rootkit, sometimes a reboot is necessary.
Because when it is already running, how do you know? When do you know that a rootkit exists?

In the future there will probably be no rootkit per se, but a rootkit component that can be compiled as a module into malware…

FU rootkit

There is a wrong perception that rootkits spread!
There is no rootkit without a malicious component; there will be no mass spamming of HackerDefender…

Packer: image of the file in memory

The packed file is “unrecognizable” on disk because it is obfuscated..
Once it is executed it will be difficult to detect…

The generic & behavioral drivers have the capability to detect this type of behavior..
People don’t realize how complex and capable the generic/behavioral drivers/signatures are…
AV is not dead!
A lot of downloaders & spyware can be detected with the heuristic and generic drivers…
The idea of a rootkit or packer hiding is to be stealthy
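One concrete piece of the "generic" detection the episode alludes to is a packing heuristic: a packed or encrypted executable is unrecognizable on disk precisely because its bytes no longer look like code or text, and that shows up as high Shannon entropy, both over the whole file and in nearly every window of it. The script below is an added example written for these notes, not McAfee's detection logic, and the two sample buffers are constructed (a repetitive DOS-stub-like text standing in for plain code, and seeded pseudo-random bytes standing in for a packed payload). The thresholds are assumptions chosen for illustration; a real engine would also look at section names, section characteristics and the unpacked image in memory, and would treat a high-entropy verdict as a reason to watch behavior, not as proof of malice, since compressed resources and legitimate installers are high-entropy too.

```python
"""Entropy-based packer heuristic (added example, not from the podcast notes).

Plain code and text use a skewed byte distribution (entropy roughly 4 to 6
bits per byte); compressed or encrypted data approaches the 8-bit maximum.
Checking per-window entropy as well as the overall value avoids being
fooled by a file that is mostly plain with one small compressed blob.
"""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def window_entropies(data: bytes, window: int = 1024) -> list:
    """Entropy of each fixed-size window; a trailing partial window is
    dropped so a short tail cannot skew the fraction."""
    return [shannon_entropy(data[i:i + window])
            for i in range(0, len(data) - window + 1, window)]


def looks_packed(data: bytes, window: int = 1024,
                 high: float = 7.0, min_high_fraction: float = 0.8) -> dict:
    """Heuristic verdict with the numbers that produced it, so an analyst
    can see how close to the (assumed) thresholds a sample landed."""
    overall = shannon_entropy(data)
    windows = window_entropies(data, window)
    high_frac = (sum(e >= high for e in windows) / len(windows)) if windows else 0.0
    return {
        "overall_entropy": round(overall, 3),
        "high_window_fraction": round(high_frac, 3),
        "verdict": overall >= high and high_frac >= min_high_fraction,
    }


# Constructed samples. The "plain" one imitates a stub message plus padding,
# the "packed" one is seeded pseudo-random data standing in for a compressed
# or encrypted section; neither is a real binary.
PLAIN_SAMPLE = (b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 24) * 128
_rng = random.Random(1234)
PACKED_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(8192))


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(name, looks_packed(sample))
```

Run against a directory of executables, the verdict is only a triage signal: it tells you which files the signature scanner cannot see through on disk and therefore which ones the behavioral driver needs to watch once they execute and unpack.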
