Golden Hacker Defender

We received the first sample of Golden Hacker Defender around a month ago. This is the commercial, private version of the Hacker Defender rootkit. Bad boys are purchasing this tool in order to hide their tracks, and might pay over 500 EUR for it, depending on the features.

The sample we got was found by a company from several of their Windows servers. The discovery was made while they were testing the latest beta version of BlackLight.

The most notable feature of this non-public Golden Hacker Defender is its anti-detection engine. It is able to bypass most of the modern rootkit detectors. The anti-detection engine identifies detectors through a binary signature before the detector has a chance to execute. If the signature matches, the rootkit can disable some of its hooks, or it can patch the detector's binary to modify its functionality.
F-Secure : News from the Lab
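Because the rootkit described above may patch a detector's binary on disk before it runs, one check a responder can make is to verify the detector tools against a hash manifest recorded on a clean machine. The following is an added example, not code from the original post or from F-Secure; the tool names, the manifest layout and the "patched" bytes are constructed for the demonstration, and in practice the manifest would be kept off the suspect host.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tools(tool_dir, baseline):
    """Compare every tool in the baseline manifest against what is on disk.

    baseline maps file name -> known-good SHA-256 hex digest.
    Returns a dict mapping file name -> 'ok', 'modified' or 'missing'.
    """
    report = {}
    for name, expected in baseline.items():
        path = os.path.join(tool_dir, name)
        if not os.path.isfile(path):
            report[name] = "missing"
        elif sha256_of(path) == expected:
            report[name] = "ok"
        else:
            # Digest differs from the clean-machine record: the binary was
            # altered on this host, which is the tampering the rootkit performs.
            report[name] = "modified"
    return report


def demo():
    """Build a toy tool directory (constructed data) and run the check."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-ins for clean tool images; not real executables.
        detector = b"MZ\x90\x00constructed clean detector image"
        scanner = b"MZ\x90\x00constructed clean scanner image"
        helper = b"MZ\x90\x00constructed helper library"

        # Baseline recorded from the clean copies, as it would be off-host.
        baseline = {
            "detector.exe": hashlib.sha256(detector).hexdigest(),
            "scanner.exe": hashlib.sha256(scanner).hexdigest(),
            "helper.dll": hashlib.sha256(helper).hexdigest(),
        }

        # Simulate the host state: the detector has had a few bytes patched,
        # the scanner is untouched, and the helper library is absent.
        patched = bytearray(detector)
        patched[4:8] = b"\x90\x90\x90\x90"
        with open(os.path.join(d, "detector.exe"), "wb") as f:
            f.write(bytes(patched))
        with open(os.path.join(d, "scanner.exe"), "wb") as f:
            f.write(scanner)

        return verify_tools(d, baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Run the check from read-only media or a known-good copy of Python, since a tampered interpreter or file-system filter could hide the difference; a mismatch on the detector itself is the signal to stop trusting that host's view and image it from outside.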

Linked by shanmuga Wednesday, 12th October 2005 3:39AM