Dailydave mailing list archives

RE: Rootkit Detection - No Worries


From: "Steve Wilson" <S.Wilson () eris qinetiq com>
Date: Tue, 28 Jun 2005 15:03:37 +0100

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gage wrote:

> Microsoft doesn't even have confidence in their own developed
> tool to get rid of Kernel Rootkits.  Take note of the last
> paragraph of the article below.
>
> <snip>
>
> However the paper admits that the only way to be sure
> that you have killed a kernel rootkit is to completely
> erase an infected hard drive and reinstall the
> operating system from scratch.

OK, after lurking on the list for a while I'm going to take the bait,
have a quick bite (metaphorically) and expose the world to my great
idiocy. Fear not, normal service will be resumed shortly. ;-)

Now, rootkits aren't really my thing, so feel free to point and laugh
- but I seem to recall there being discussion during Greg Hoglund and
Jamie Butler's rootkit training course at Blackhat last year re:
infecting hardware (or, more to the point flashable firmware type
stuff) such that malicious code could survive warm reboots, cold
reboots and even hard drive reformatting/replacement. I've heard some
other random discussions and anecdotal evidence to suggest that this
might be possible. 

Sadly, I have neither the spare time, nor the hands-on
hardware/firmware experience to know just how realistic a scenario
this is. Is anyone on-list looking in detail at this sort of stuff?
Is it realistic, or more science-fiction based? I, for one, would
love to know. :-)

I'll go back to lurking now. Apologies for the interruption.

Cheers,

Steve.

-- 
Stephen Wilson
Senior Security Consultant
Security Health Check

WW/B109, QinetiQ, St Andrews Rd, Malvern, Worcs, WR14 3PS
Tel: 01684 894153  Fax: 01684 897417

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQsFYuSnAQqfJ4bodEQK/LQCg2rmP6u7CP4wDUMZUkf+70cJI6kMAoJXa
nXycuiKanbE6OCuMByVR+uqs
=Ky8I
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
