Comments on: Beyond Rootkits: World’s First Standalone Kernel Mode Bot?

by: Anubis

Wed, 06 Sep 2006 21:09:45 +0000

You know whats funny is it sounds like you guys that commented above me have no clue of what you are talking about. First off, this will be no worse than any other rootkit out there. Now if he divised some new rootkit technology, like a new way to hook ntoskrnl.exe’s services then yeah, i’d be impressed. Tibbar, he’s a good developer, but this whole Kernel-Mode IRCBot is not a new concept. I wrote a Kernel-Mode driver that exploited a remote windows system service to download the driver to the remote machine and run it. If I had released this into the wild there would be much more damage(possible) than your normal virus or worm. Rootkits(kernel drivers) have a much higher level of privileges, and my driver would do *anything* i wanted it to. It would not be restrained to the currently running user context.

by: myrdd1n

Mon, 10 Apr 2006 06:54:10 +0000

@weedougie
That is why something like this will never become a commercial product.
The source will leak, and people who actually have a clue will start compiling and distributing to unsuspectng user’s computers.
I foresee an entire new breed of botnets. This new IRCBot gets major brownie points because it will most likely be undetectable by most of today’s Anti Virus software.

by: weedougie

Sun, 09 Apr 2006 07:26:17 +0000

Having read what it is supposed to do it appears to me to breach the European Human Rights Act in so much as it violates the right of privacy in your home and family life. If this becomes commercial who will be the first to take whoever to court?

by: Eligah Underwood (Rife)

Fri, 07 Apr 2006 08:07:12 +0000

Very interesting - it’ll be even more intresting to see a functional animal once in the wild!

Only down side I can see - is now my rootkit books are out of date!

[BTW - is the question Base10?]