Saturday, February 10, 2007

Leaving Babylon

Makers of the tiny, powerful RootkitUNhooker have released
a new version. Earlier, I posted about the Unreal rootkit test file,
which bypassed nearly every known anti-rootkitter; version
3.20 of RKU detects Unreal.A.


*Here's a list of some of the rootkits that RKU detects and removes.
*Latest version: 3.20.130.388 [updated February 18th, 2007]
*Info about the next version:
version 3.30 will include:

added: DKOH detection (not unhookable) for common kernel objects
added: ability to dump kernel memory region
added: AntiRkU and based tools bypassing, xdf updated to v0.7
fixed: few bugs in driver, related to self-protection part

And some other features not listed here, because they are not ready yet.
Release date: as soon as it will be ready





-Thank you, independent coders, for advancing security software
farther than any AV company ever could.


~~
Another interesting note: while reading the RKU forum, I happened
upon a post by someone requesting source code for the program.
One of the authors of RKU responded:

"If we give sources for public, they also will be used for malware
purposes."
