Kernel Mode IRCbot

This means that detecting rootkits could get a hell of a lot more difficult than it currently is; for more info on this, see Tibbar's blog.
The source code for this project is also up for download on his site. So what does this mean for the security community? Comments, people?

  • kurt wismer

    more grist for the ‘stop redefining things’ argument… avoiding the pitfalls of stealth is no more difficult (conceptually) now than it was 10 years ago… boot from a known clean, removable medium and don’t run code from the suspect drive… if we were still calling this stealth instead of rootkits we’d probably do a better job of remembering past solutions to the problem…

  • Pasv

    I'm going to have to agree with kurt. I've seen PLENTY of backdoors.. nothing is new really. Except maybe those freakish ACPI backdoors. Kernel mode IRC bots sound like fun though. :) Just imagine getting a BoF on it! Lots of hackers don't use secure coding themselves, you know! xD