Thursday, July 28, 2005

Shadow Walker Root Kit Eats Anti-Virus for Breakfast
"The proof-of-concept, dubbed Shadow Walker, is a modification of Butler's FU rootkit, a kernel-level program capable of hiding processes and elevating process privileges. The rootkit uses DKOM (Direct Kernel Object Manipulation) to fake out the Windows Event Viewer to make forensics virtually impossible and can also hide device drivers ..."

"... anti-virus scanners must 'completely revamp' existing rootkit detection technologies."
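As an added illustration (not code from the original post, from the FU rootkit or from Shadow Walker), the following C program mocks the two kernel bookkeeping structures that DKOM process hiding plays against: a doubly linked list of process objects (the analogue of EPROCESS.ActiveProcessLinks) and a separate PID-indexed table (the analogue of PspCidTable). It unlinks one process the way FU hides one, then runs the cross-view check that anti-rootkit tools use to catch it: anything a PID-table sweep finds that a list walk does not is hidden. All type, variable and function names are assumptions for illustration; this is a userland simulation, not a driver.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the kernel bookkeeping FU manipulates; the names
 * are assumptions, not Windows internals code. */
typedef struct list_entry {
    struct list_entry *flink;
    struct list_entry *blink;
} list_entry;

typedef struct mock_eprocess {
    unsigned pid;
    char name[16];
    list_entry links;              /* ActiveProcessLinks analogue */
} mock_eprocess;

#define MAX_PROCS 16

static mock_eprocess g_procs[MAX_PROCS];
static size_t g_nprocs;
static list_entry g_active_head;                /* PsActiveProcessHead analogue */
static mock_eprocess *g_pid_table[MAX_PROCS];   /* PID -> object, PIDs < MAX_PROCS */

#define CONTAINING_RECORD(ptr, type, field) \
    ((type *)((char *)(ptr) - offsetof(type, field)))

void reset_mock_kernel(void) {
    g_nprocs = 0;
    g_active_head.flink = g_active_head.blink = &g_active_head;
    memset(g_pid_table, 0, sizeof g_pid_table);
    memset(g_procs, 0, sizeof g_procs);
}

/* Create a process: append it to the active list and register it in the PID table. */
mock_eprocess *create_process(unsigned pid, const char *name) {
    if (g_nprocs >= MAX_PROCS || pid >= MAX_PROCS || g_pid_table[pid]) return NULL;
    mock_eprocess *p = &g_procs[g_nprocs++];
    p->pid = pid;
    strncpy(p->name, name, sizeof p->name - 1);
    p->links.flink = &g_active_head;
    p->links.blink = g_active_head.blink;
    g_active_head.blink->flink = &p->links;
    g_active_head.blink = &p->links;
    g_pid_table[pid] = p;
    return p;
}

/* FU-style DKOM: unlink the object from the active list. The process keeps
 * running (scheduling works from thread lists), but any enumerator that walks
 * the list no longer sees it. The PID table is left untouched. */
void dkom_hide_process(mock_eprocess *p) {
    p->links.blink->flink = p->links.flink;
    p->links.flink->blink = p->links.blink;
    /* Point the orphaned entry at itself so a later unlink (e.g. on process
     * exit) does not write into the former neighbours. */
    p->links.flink = p->links.blink = &p->links;
}

/* View 1: walk the linked list, as a list-based enumerator would. */
size_t enum_via_list(unsigned *out, size_t max) {
    size_t n = 0;
    for (list_entry *e = g_active_head.flink; e != &g_active_head && n < max; e = e->flink) {
        mock_eprocess *p = CONTAINING_RECORD(e, mock_eprocess, links);
        out[n++] = p->pid;
    }
    return n;
}

/* View 2: brute-force the PID table, which DKOM unlinking does not modify. */
size_t enum_via_pid_table(unsigned *out, size_t max) {
    size_t n = 0;
    for (unsigned pid = 0; pid < MAX_PROCS && n < max; pid++)
        if (g_pid_table[pid]) out[n++] = pid;
    return n;
}

/* Cross-view detection: a PID present in the low-level view but absent from
 * the list view is hidden. Returns the number of hidden PIDs found. */
size_t find_hidden_pids(unsigned *hidden, size_t max) {
    unsigned by_list[MAX_PROCS], by_table[MAX_PROCS];
    size_t nl = enum_via_list(by_list, MAX_PROCS);
    size_t nt = enum_via_pid_table(by_table, MAX_PROCS);
    size_t n = 0;
    for (size_t i = 0; i < nt && n < max; i++) {
        int seen = 0;
        for (size_t j = 0; j < nl; j++)
            if (by_list[j] == by_table[i]) { seen = 1; break; }
        if (!seen) hidden[n++] = by_table[i];
    }
    return n;
}

int main(void) {
    /* Constructed sample: three processes, one of them hidden by DKOM. */
    reset_mock_kernel();
    create_process(4, "System");
    create_process(8, "lsass.exe");
    mock_eprocess *rk = create_process(12, "fu-loader.exe");
    dkom_hide_process(rk);

    unsigned hidden[MAX_PROCS];
    size_t n = find_hidden_pids(hidden, MAX_PROCS);
    for (size_t i = 0; i < n; i++)
        printf("hidden process: pid %u (%s)\n", hidden[i], g_pid_table[hidden[i]]->name);
    return 0;
}
```

The point of the two views is that the rootkit only has to edit one of them to fool a list-walking scanner, but a scanner that compares the list against a second, independent source of truth (here the PID table; on a real system also handle-table sweeps, thread lists or pool-tag memory scans) sees the discrepancy. That is the kind of rework the quoted article says anti-virus vendors were being told to do.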