Dailydave mailing list archives
Re: DR Linux 2.6 rootkit released
From: "Piotr Bania" <bania.piotr () gmail com>
Date: Fri, 5 Sep 2008 07:24:12 +0200
For sure I wasn't the first one using DRx for rootkit/backdoor coding, but I think my 2006 Black Hat presentation predates this Phrack article: http://invisiblethings.org/papers/joanna%20rutkowska%20-%20subverting%20vista%20kernel.ppt (slide #41) :)
For sure you were not even close. PM.Wanderer or Orgasmotron virus used this *debug registers* technique back in 1997 already. - PM.Wanderer : http://old.antivir.ru/english/lib/wanderer.htm - Orgasmotron (Vecna.Tron): http://www.viruslist.com/en/viruses/encyclopedia?virusid=19117 - pb -- -------------------------------------------------------------------- Piotr Bania - <bania.piotr () gmail com> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.piotrbania.com - Key ID: 0xBE43AC33 -------------------------------------------------------------------- - "The more I learn about men, the more I love dogs." _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- DR Linux 2.6 rootkit released Bas Alberts (Sep 03)
- Message not available
- Re: DR Linux 2.6 rootkit released Bas Alberts (Sep 04)
- Message not available
- Re: DR Linux 2.6 rootkit released Joanna Rutkowska (Sep 04)
- Re: DR Linux 2.6 rootkit released Piotr Bania (Sep 05)
- <Possible follow-ups>
- Re: DR Linux 2.6 rootkit released Pierre Falda (Sep 04)
- Re: DR Linux 2.6 rootkit released Bas Alberts (Sep 04)
- Re: DR Linux 2.6 rootkit released Bas Alberts (Sep 04)
- Re: DR Linux 2.6 rootkit released Mohammad Hosein (Sep 04)
- Re: DR Linux 2.6 rootkit released Valdis . Kletnieks (Sep 04)
- Re: DR Linux 2.6 rootkit released Jon Oberheide (Sep 05)
- Re: DR Linux 2.6 rootkit released Curt Wilson (Sep 05)
- Re: DR Linux 2.6 rootkit released Mohammad Hosein (Sep 04)