lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: uberguidoz at gmail.com (GuidoZ)
Subject: Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

As I referenced in my previous reply, Todd stated what I was arguing against.

> We all know it doesn't take a lot to hide from the normal everyday user
> on the internet. I believe that is what they meant by "hide from
> everything". Of course it isn't completely hidden. But normal users are
> not sniffing packets from a computer on a isolated network to find
> things.

I took the word "everything" literally. Hence why I argued it was mere
spam with false claims. Also, why I asked "If this was actually
possible, don't you think it would of been big news?". For example, we
likely would of seen code/discussion for it on this mailing list, or
ASM on Rootkit.com before receiving a spam email for it.

But again, I suppose this is also speculation to a point. I by no
means consider myself the most knowledgable on the topic.

Harlan, forgot to mention this before: Awesome website. I'm looking
for a good price on the book in another tab while typing this email.
=)

--
Peace. ~G


On Thu, 23 Sep 2004 13:59:04 -0500, Todd Towles
<toddtowles@...okshires.com> wrote:
> We all know it doesn't take a lot to hide from the normal everyday user
> on the internet. I believe that is what they meant by "hide from
> everything". Of course it isn't completely hidden. But normal users are
> not sniffing packets from a computer on a isolated network to find
> things.
> 
> We live in a different world than the normal person, that is what I tell
> my non-computer friends anyways.
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of GuidoZ
> Sent: Thursday, September 23, 2004 11:54 AM
> To: Matt
> Cc: Will Image; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Rootkit For Spyware? Hide your adware
> from all Adware removers and Anti-viruses
> 
> > It is quite possible to hide processes, reg keys and files, and is
> > often done by various malware.
> 
> Aye. I didn't word my statements correctly. (Was tired... =P ) You are
> very much correct.
> 
> I guess I was trying to speak along the lines of AV detection and
> forensics. I've yet to find a rootkit, spyware, or malware that is
> COMPLETLY hidden, in every aspect, from the user. There is always a way
> to find it. Granted, they can bypass the "usual means" (regedit,
> taskmanager, etc) in Windows, however there are specialized tools
> (process viewers for example) that show hidden processes. What I meant
> to express is they seem to claim being able to hide from everything.
> (Even if an AV solution detected the very program they use as an
> installer.) That, I doubt.
> 
> To save someone else from saying this, I'll reply to my own comment. =)
> 
> > I've yet to find a rootkit, spyware, or malware that is COMPLETLY
> > hidden, in every aspect, from the user.
> 
> Well, DUH. How could you find it if it was COMPLETELY hidden? ;)
> Clarification: The user and a sysadmin that has a clue are two very
> different people.)
> 
> --
> Peace. ~G
> 
> On Thu, 23 Sep 2004 14:38:34 +1000, Matt <matt@...temlinux.net> wrote:
> > GuidoZ wrote:
> > > Interesting indeed. Although, I imagine this was a spam email, and I
> 
> > > never believe (nor buy) anything from spam. I wondr how credible
> > > this really is. If there was such a way to do what they claim, don't
> 
> > > you think it would have been big news?  >One would think you
> > > wouldn't first hear about it through spam.
> > >
> > It is quite possible to hide processes, reg keys and files, and is
> > often done by various malware.
> >
> > > Also - nice website they have. http://www.randexsoft.com Simply
> says:
> > >
> > > Access Forbidden -- Go away.
> > >
> > > I love a company who is customer friendly.
> > >
> > > --
> > > Peace. ~G
> > >
> > >
> > > On Wed, 22 Sep 2004 20:10:28 -0700 (PDT), Will Image
> > > <xillwillx@...oo.com> wrote:
> > >
> > >>I recieved this in my inbox today:
> > >>how long do you think this company will last?
> > >>
> > >>
> > >>>Date: Wed, 22 Sep 2004 19:02:44 -0400
> > >>>From: Jacques Tremblay <jacques.tremblay@...il.com>
> > >>>To: xillwillx@...oo.com
> > >>>Subject: Hide your adware from all Adware removers and Anti-viruses
> > >>>
> > >>>To: Business development manager
> > >>>
> > >>>Subject: Hide your adware from all Adware removers and
> > >>>Anti-viruses
> > >>>
> > >>>
> > >>>
> > >>>Hi,
> > >>>       Adware removers are gaining in popularity and they cause a
> > >>>big revenue threat to adware based businesses, as we see our
> > >>>software installations get desinstalled after a period of time that
> 
> > >>>is shorter and shorter, we see our revenues get smaller and
> > >>>smaller.
> > >>>
> > >>>       Why would an honest adware based business lose revenue just
> > >>>because some adware remover has identifyed it as being something to
> 
> > >>>remove ?
> > >>>
> > >>>       We beleive we have the right to hide from these adware
> > >>>removers as long as we provide a way for the user to uninstall and
> > >>>that he agrees that the software will be uninstalled only with the
> > >>>provided uninstaller.
> > >>>
> > >>>       It is in that spirit that we created the solution to the
> > >>>problem :
> > >>>
> > >>>
> > >>>AdProtector 1.2
> > >>>
> > >>>
> > >>>       We have developed software capable of hiding your software
> > >>>from all adware removers and anti-viruses on a Windows
> > >>>NT/2000/2003/XP machine.
> > >>>
> > >>>       Basically we have filtered the windows kernel so that we
> > >>>could mofify the behavior of the system itself. So now we can hide
> > >>>anything we want from windows.
> > >>>
> > >>>                           It can :   - Hide Registry Keys
> > >>>                                      - Hide Files
> > >>>                                              - Hide Processes
> > >>>
> > >>>       By hiding these 3 key elements from windows, your
> > >>>application won't ever be detected by any adware removers.
> > >>>
> > >>>       Interesting ?
> > >>>
> > >>>       For more information or to resquest a Demo :
> > >>>  email :
> > >>>hexa@...dexsoft.com
> > >>>
> > >>>Business is moving fast, keep ahead of the competition!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ