#11
Lecturer
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
This is what I have seen
tw,
I've seen rootkits that have patched Windows DLL files and caused functions which other programs depend upon to be disabled. If a rootkit is going to infect your system, it's going to patch the Win32 APIs for IP Activity, Unexplained Processes, CPU Time, and Registry Entries, and patch other functions as needed. This is what rootkits do via APIs on Windows, and via APIs or trojaned copies of ls, ps, and other file utilities on Linux or UNIX variants. Your average user will not be running Wireshark on another PC and scanning their network to see the unexplained IP traffic. If they did, chances are that they are smart enough to not get rooted. I caught one because it didn't patch functions well enough and I was able to use Rootkit Revealer to figure out its existence due to that.