Tuts 4 You

Rustock C The Beast


evilcry


Hi,

Rustock C is definitely the most powerful advanced rootkit for Windows ever seen, the Pure Evil :)

Here some papers about it

http://info.drweb.com/show/3342/en

http://www.rootkit.com/newsread.php?newsid=879

http://blog.threatexpert.com/2008/05/rusto...ested-doll.html

http://blog.threatexpert.com/2008/06/new-r...to-hotmail.html

* Sophisticated polymorphic protection of the rootkit makes extraction and analysis extremely difficult.

* Implemented as a driver, it runs on the lowest kernel level.

* Protects itself, prevents runtime changes.

* Uses active anti-debugging techniques: monitors setting hardware breakpoints (DR-registers), disrupts operation of kernel-level debuggers (e.g. Syser, SoftIce). WinDbg debugger won

Edited by evilcry

That's amazing, heh...

I wonder how long it would take to code something like this, and who would have this much knowledge?...

What programming language do you think was used?

Edited by aztecx

You need to have great knowledge of Windows internals and high driver-coding skills.

What programming language do you think was used?

Eheh, easy: the only languages that can be used in a driver, C and Assembler :)

Regards,

Evilcry


Nasty stuff, Rustock. It is actively being used by a Russian adware company; I should be able to find their copy if anyone wants it to analyze. ;)
