September 8, 2008 20:38 | by
o Hide processes
o Hide network sockets
o Hide files
o Get a remote MOSDEF Node (via hidden userland-backdoor)
The major benefit of the DR rootkit is that all this happens transparently to the end user. The children of a hidden process are also automatically hidden. The sockets a hidden process creates are also hidden. But if you are a hidden process, you can see hidden resources. This makes the DR rootkit nicely manageable.
o Hide network sockets
o Hide files
o Get a remote MOSDEF Node (via hidden userland-backdoor)
The major benefit of the DR rootkit is that all this happens transparently to the end user. The children of a hidden process are also automatically hidden. The sockets a hidden process creates are also hidden. But if you are a hidden process, you can see hidden resources. This makes the DR rootkit nicely manageable.
May 24, 2008 09:08 | by
Gh0st RAT
C.Rufus Security Team
http://www.wolfexp.net
控制端采用IOCP模型,数据传输采用zlib压缩方式
稳定快速,上线数量无上限,可同时控制上万台主机
控制端自动检测CPU使用率调整自己的工作线程, 稳定高效
宿主为svchost以系统服务启动,有远程守护线程,上线间隔为两分钟。
C.Rufus Security Team
http://www.wolfexp.net
控制端采用IOCP模型,数据传输采用zlib压缩方式
稳定快速,上线数量无上限,可同时控制上万台主机
控制端自动检测CPU使用率调整自己的工作线程, 稳定高效
宿主为svchost以系统服务启动,有远程守护线程,上线间隔为两分钟。
