lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: uberguidoz at gmail.com (GuidoZ)
Subject: Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

> I realize that this is purely speculation on your
> part, but I'd be careful about saying things like
> this.  The reason is that understanding "the kernel
> and flow chart of processes" isn't really the issue.

Yes, it was mostly speculation. The most common problem I run into on
a daily basis is user error. Hence my assuption of the most likely
reason something would be "hidden" or "get by" - user error.

I was interpreting the (spam) email first mentioned claiming to be
able to hide COMPLETELY. As in, nothing can detect it, even if it was
designed to. (This would include AV def specifically for that rootkit
or a sniffer monitoring the connections and data. Todd also mentioned
this fact in a later reply.) Hence why I argued that I just don't
believe that is possible. Nothing more and nothing less. =)

> And just out of curiousity, what is the "flow chart of
> processes"?  Are you referring to mapping child
> processes back to their parent processes?  I ask, b/c
> I'm not familiar with the term.  A flow chart is
> generally a graphical depiction of a process, with
> decision points illustrated along the way...and I
> don't see how that relates to processes on a Windows
> system.

Aye. I couldn't come up with a better term off the top of my head,
hence why I put in quotes, hoping it wouldn't be taken too literally.
(And hoping someone would correct me.) Mapping is the term I was
after. Thanks. =)

--
Peace. ~G


On Thu, 23 Sep 2004 10:18:29 -0700 (PDT), Harlan Carvey
<keydet89@...oo.com> wrote:
> > Windows is likely the most susceptible to such an
> > attack due to the
> > limited amount of people that fully understand the
> > kernel and "flow
> > chart" of processes. (Or those that don't put 2 and
> > 2 together, like myself.)
> 
> I realize that this is purely speculation on your
> part, but I'd be careful about saying things like
> this.  The reason is that understanding "the kernel
> and flow chart of processes" isn't really the issue.
> 
> As with other computer systems, Windows is susceptible
> to malware/rootkit infections due to poor user and
> administrator practices, lack of management and
> configuration control, etc.
> 
> After all, rootkits were first spawned in *nix
> systems.  Even the term "rootkit" comes from the *nix
> world.
> 
> And just out of curiousity, what is the "flow chart of
> processes"?  Are you referring to mapping child
> processes back to their parent processes?  I ask, b/c
> I'm not familiar with the term.  A flow chart is
> generally a graphical depiction of a process, with
> decision points illustrated along the way...and I
> don't see how that relates to processes on a Windows
> system.


Powered by blists - more mailing lists