Archive for March, 2007

Rootkit and Malware Analysis for Beginners

Tuesday, March 13th, 2007

Have you ever wondered how the experts analyse malware and rootkits? Well, ZaiRoN has submitted an excellent article titled “Malware analysis: Nailuj sys file”. It is a very good analysis of malware that was found around 9th January 2007. ZaiRoN's approach is one with beginners in mind, and he does a very good job of making the analysis easy for relative beginners to follow.

Nailuj Analysis

The article goes into detail on how the malware gets into the registry, how it hides itself from the operating system, and how it arranges to start automatically.

Many thanks to ZaiRoN for submitting the article.

Keep Safe

Steo
www.antirootkit.com

References: Malware analysis: Nailuj sys file

New Anti Rootkit Scanner – HELIOS Lite released

Saturday, March 10th, 2007

The award-winning information security company MIEL e-Security Pvt Ltd, from India, has released a new version of their anti-rootkit program HELIOS, called HELIOS Lite:

HELIOS Lite Screenshot

From the Helios Blog: 

“We’re pleased to announce a new version of Helios called Helios Lite. After listening to feedback from the community and upgrading a lot of our detection technology, we are releasing Helios Lite.

Helios Lite is a rootkit detection product based on some of the components of the Helios rootkit detection technologies. It is an implementation of the idea of Cross View Detection for the detection of persistent and non-persistent rootkits. It successfully detects a large number of user mode and kernel mode rootkits including Hacker Defender, Vanquish, Fu, FuTo, phide_ex and Unreal.A. It searches for hidden processes, hidden files as well as hidden registry keys.

Helios Lite was designed to be quick and portable; it does not require installation and can be run off a USB drive. The only prerequisite is that it is run as a system administrator. This release of Helios does not require the .Net Framework and will work on any Windows XP SP2 system. For using all the features, an NTFS formatted system disk is recommended. The addition of the word ‘Lite’ to the name does not represent a lesser set of features; this version of Helios is even more powerful than the earlier release. We’ve called it ‘Lite’ simply because it has very minimal system requirements and does not need installation.”
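The Cross View Detection idea described in the quote above, as an added example that is not Helios code: the same objects (processes, files, registry keys) are enumerated twice through independent paths, and anything present in the lower-level view but missing from the higher-level view is reported as hidden, while the reverse case is flagged as a phantom entry. The process table, file listings and registry key lists below are constructed sample data, and the linked-list walk is a toy model of the kind of structure a kernel rootkit unlinks an entry from, not a real Windows layout.

```python
"""Cross-view detection: enumerate the same objects through two independent
paths and report the differences.

Added illustration, not Helios code. The process table below is a
constructed toy model, not a real Windows kernel structure."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CrossViewResult:
    hidden: frozenset   # seen by the low-level view only: what a rootkit conceals
    phantom: frozenset  # seen by the high-level view only: stale or faked entries


def cross_view(high_level, low_level, normalize=lambda x: x):
    """Generic cross-view comparison over any two enumerations of one object kind."""
    hi = frozenset(normalize(x) for x in high_level)
    lo = frozenset(normalize(x) for x in low_level)
    return CrossViewResult(hidden=lo - hi, phantom=hi - lo)


# --- Processes: constructed process table ----------------------------------
# Each slot records the pid of the next entry in the "active process" list,
# the structure a high-level API walks. Pid 1337 still occupies a slot but no
# entry points to it any more (the list has been relinked around it), so a
# list walk never reaches it while a slot scan still does.
PROCESS_TABLE = {
    4:    {"name": "System",       "next": 368},
    368:  {"name": "smss.exe",     "next": 612},
    612:  {"name": "csrss.exe",    "next": 900},   # skips 1337
    1337: {"name": "hidden.exe",   "next": 900},   # unlinked: nothing points here
    900:  {"name": "explorer.exe", "next": None},
}


def walk_active_list(table, head=4):
    """High-level view: follow the linked list from the head entry."""
    seen, pid = [], head
    while pid is not None and pid not in seen:   # loop guard for corrupt lists
        seen.append(pid)
        pid = table[pid]["next"]
    return seen


def scan_pid_table(table):
    """Low-level view: scan every slot of the table regardless of linkage."""
    return list(table)


# --- Files: API directory listing vs raw on-disk directory entries ----------
API_LISTING = [r"C:\Windows\System32\drivers\null.sys",
               r"C:\Windows\System32\drivers\NTFS.SYS"]
RAW_ENTRIES = [r"C:\Windows\System32\drivers\null.sys",
               r"C:\Windows\System32\drivers\ntfs.sys",
               r"C:\Windows\System32\drivers\hidden-driver.sys"]  # constructed

# --- Registry: API key enumeration vs raw hive parse (constructed) ----------
API_RUN_KEYS = [r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon"]
RAW_RUN_KEYS = [r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon",
                r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\hidden"]


def windows_name(path):
    """Windows paths and key names are case-insensitive; compare them that
    way so a case difference between views is not reported as hidden."""
    return path.lower()


def scan():
    """Run all three cross-view checks and return the findings by category."""
    return {
        "processes": cross_view(walk_active_list(PROCESS_TABLE),
                                scan_pid_table(PROCESS_TABLE)),
        "files": cross_view(API_LISTING, RAW_ENTRIES, windows_name),
        "registry": cross_view(API_RUN_KEYS, RAW_RUN_KEYS, windows_name),
    }


if __name__ == "__main__":
    for category, result in scan().items():
        for item in sorted(result.hidden, key=str):
            print(f"HIDDEN  {category}: {item}")
        for item in sorted(result.phantom, key=str):
            print(f"PHANTOM {category}: {item}")
```

The value of the technique lies in the independence of the two views: a rootkit that hooks or relinks the structure behind the high-level enumeration has to tamper with the low-level path as well to stay invisible, which is why the low-level scan should read the rawest source available (a slot table, raw directory entries, the hive file) rather than another API.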

Get yourself a free copy and try it out today.

References:
http://www.antirootkit.com/software/helios.htm
http://helios.miel-labs.com/

Stay Safe

Steo