Rootkit Unhooker Author to release new Undetectable Rootkit

The anti-rootkit software author who goes by the name EP_X0FF has recently released information about a new rootkit that he has created. EP_X0FF is the author of Rootkit Unhooker, one of the best anti-rootkit scanners at the moment. The rootkit he has created is undetectable by all anti-rootkit software. The new rootkit is to be called Unreal Test Rootkit.

Here is some information on the rootkit from the Rootkit Unhooker site:

We are introducing a new generation of rootkit technology.
Unreal Test Rootkit v1.0
Unreal rootkit hides file and driver. Works on NT-based operating systems with NTFS file systems.

It is not malicious.

This rootkit is not intended to be run with Host Intrusion Prevention Systems.
This rootkit is intended ONLY for testing with AntiRootkit software.

Rootkit tech information

File system: NTFS
Implementation: DKOM
Predecessors: partially RkDemo, phide_ex and Rustock

ARK TESTS:
========================================
1. Rootkit Unhooker v3.01 BYPASSED
2. Rootkit Revealer v1.71 BYPASSED
3. F-Secure Blacklight BYPASSED
4. DarkSpy v1.05 BYPASSED
5. DarkSpy v1.05fixedbeta2 BYPASSED
6. IceSword v1.20 BYPASSED
7. GMER v1.012 BYPASSED
8. Helios v1.1a BYPASSED
9. SVV v2.3 BYPASSED
10. McAfee Rootkit Detective BYPASSED
11. Sophos AntiRootkit BYPASSED
12. TrendMicro RootkitBuster BYPASSED
13. AVG AntiRootkit BYPASSED
14. AVZ v4.23 ARK Module BYPASSED
15. BitDefender Rootkit Uncover BYPASSED
16. Panda AntiRootkit BYPASSED
17. Panda Tycan BYPASSED
18. modGreeper v0.3 BYPASSED
19. flister BYPASSED
20. UnHackMe BYPASSED
21. SEEM v4.x BYPASSED
22. SafetyCheck v1.5.x BYPASSED
23. Avira AntiRootkit BYPASSED
24. HiddenFinder v1.301 BYPASSED
25. RkDetector v0.6 BYPASSED
========================================

There are no best antirootkits.

Rootkit sources are available only by preliminary request.

Release date: very soon

regards

Steo
www.antirootkit.com

6 Responses to “Rootkit Unhooker Author to release new Undetectable Rootkit”

  1. david Says:

    Show me a rootkit and a machine that can boot my code before the rootkit loads and I can make a tool to find it. Most x86 machines can boot from CDs so unless you plan on changing the BIOS forget about being undetectable. Unless you get control before I do, I can find you.

  2. MP_ART Says:

    Hehe david. Just do it!

  3. EP_X0FF Says:

    Yep, David, you are so smart (as always with this type of people) only in words. Just do it, kiddo.

  4. Arek Says:

    Clever.
    Tried it, and none of the antirootkit tools pick it up.

    David: That's not the point of this rootkit. The point is to hide from all current rootkit detection tools.
    Like it says:
    “This rootkit intended ONLY for testings with AntiRootkit software.”

  5. Mark Says:

    Which website(s) list the CURRENTLY best anti-rootkit detector/destroyers? If I can’t stop rootkits, then there’s little computer security anyway, so please help.

    Is the ZoneAlarm Suite, E NOD32, and good anti-rootkit software sufficient to make online banking safe?

  6. Bob Bobson Says:

    First of all, some rootkits CAN alter the BIOS.

    Second, I use FAT32 for all but one auxiliary partition, so I guess that this rootkit means nothing to me, so I can’t test my method on it. I suppose that’s a good thing. :)
