CPE: McAfee AudioParasitic: Episode 6: Rootkit technology
length: 00:18:40
Scanning the system while it is running is probably not
the best way to detect a rootkit…
Depending on the complexity of the rootkit, sometimes a
reboot is necessary
Because when it is already running, how do you know? When
do you know that a rootkit exists?
In the future there will probably be no rootkit per se, but a
rootkit component that can be compiled as a module into malware…
Fu rootkit
Hackerdefender…
There is a wrong perception that rootkits spread!
There is no rootkit without a malicious component; there
will be no mass spamming of hackerdefender…
Packer: image of file in memory
The packed file is “unrecognizable” on disk because it is
obfuscated..
Once it is executed it will be difficult to detect…
The generic & behavioral drivers have the capability to
detect this type of behavior..
People don’t realize how complex and capable the generic/behavioral
driver/signature is…
AV is not dead!
A lot of downloaders & spyware can be detected with the
heuristic and generic drivers…
The idea of a rootkit or packer hiding is to be stealthy