[145607] in cryptography@c2.net mail archive
Using file-hiding rootkits for good
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Aug 3 11:43:42 2010
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: cryptography@metzdowd.com
Date: Wed, 04 Aug 2010 01:42:15 +1200
I recently came across an example of a file-hiding rootkit for Windows that's
used for good instead of evil: It's a minifilter that hides (or at least
blocks, the files are still visible) access to executables on removable media,
with user-configurable options to block autorun.inf and/or all executables, as
well as making files on the media non-executable (although you could still map
them into memory and then execute them from there if you really wanted to).
This is a neat idea, since it stops a pile of exploits that take advantage of
the autorun capability. More at http://blog.didierstevens.com/programs/ariad/.
Peter.