So you've decided you want to write a Windows rootkit. Good thing this chap's just demystified it in a talk

Writing a successful Windows rootkit is easier than you would think. All you need to do is learn assembly and C/C++ programming, plus exploit development, reverse engineering, and Windows internals, and then find and abuse a buggy driver, and inject and install your rootkit, and bam. Happy days. Alternatively, write your own …

  1. Brian Miller

    How to learn how to actually write a Windows program

    Rootkits are the only way to really learn how to write Windows programs. Anything else, and you just might as well use something like JavaScript to get the "job" done. Sharpen your skills, people, and "copy con program.com"!

    Ooh, that should be an El Reg tshirt! "Stay calm and copy con program.com".

    "Root Windows for the greater good!"

    1. jake Silver badge

      Re: How to learn how to actually write a Windows program

      "Root Windows for the greater good!"

      That's no fun anymore. Every two-bit skiddie does it.

  2. Mahhn

    Detecting

    This is why I like to scan my home system from a different PC, to ensure it looks at every file. Nothing is perfect but it catches a few things local scans may miss.

    This is how we scan all our VMs at work, so it makes sense. Every VM is treated as a file, not a live system.

    I expect home firewalls (done as SaaS) will become much more popular. With security companies managing them, constant updates (subscriptions) to block malicious IP/URLs, Ad services (I block all of Adchoices at the FW).

    This is the way.

    I miss being at DefCon this year, but it's great they are doing SafeMode with Networking, Enjoying the youtube presentations and hoping more people get exposure to the great work people put into making IT safer for all.

    - How I found what IPs to block basics. Open CNN in a browser, open command prompt, run netstat -an. Log all IPs. Open Foxnews, do the same. Compare the IP addresses. Take the common ones and block them. It's best to look them up first so you don't block app updaters (windows, adobe, etc.) or something else you want connecting.
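The comparison step in the comment above, done in code rather than by eye. This is an added example, not something from the comment or the article: it parses two `netstat -an` captures in the format Windows prints, drops the local, LAN and loopback endpoints that should never land on a block list, and reports only the remote addresses common to every capture for the commenter's look-up-before-blocking review. It generalises the two-site procedure to any number of captures. The two captures embedded below are constructed sample output using documentation address ranges, not real connection data.

```python
import ipaddress
import re
from typing import Iterable, List, Optional, Set

# Constructed sample captures in the layout `netstat -an` prints on Windows
# (made up for this example): one taken with site A open, one with site B.
CAPTURE_SITE_A = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED
  TCP    192.168.1.20:51001     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:51002     198.51.100.7:443       ESTABLISHED
  TCP    192.168.1.20:51003     198.51.100.9:443       TIME_WAIT
  UDP    0.0.0.0:5353           *:*
"""

CAPTURE_SITE_B = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:51010     203.0.113.55:443       ESTABLISHED
  TCP    192.168.1.20:51011     198.51.100.7:443       ESTABLISHED
  TCP    192.168.1.20:51012     198.51.100.9:443       ESTABLISHED
  TCP    192.168.1.20:51013     192.168.1.1:53         ESTABLISHED
"""

# Ranges that are never block-list candidates: the machine itself, the LAN,
# link-local and unspecified addresses. Listed explicitly rather than via
# ipaddress.is_private so the filter is visible and easy to adjust.
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::/128", "::1/128",
    "fe80::/10", "fc00::/7",
)]

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_host(endpoint: str) -> Optional[str]:
    """Strip the port from a netstat endpoint: '1.2.3.4:443', '[::1]:443', '*:*'."""
    host, _, _port = endpoint.rpartition(":")
    host = host.strip("[]")
    return None if host in ("", "*") else host


def is_local(host: str) -> bool:
    """True for addresses that belong to this host or its LAN."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # not an address at all; never a block candidate
    return any(addr in net for net in LOCAL_NETWORKS)


def remote_addresses(netstat_output: str) -> Set[str]:
    """Remote peer addresses from one `netstat -an` capture, local ranges removed."""
    peers = set()
    for line in netstat_output.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue  # banner, column header or blank line
        host = split_host(m.group(3))
        if host is not None and not is_local(host):
            peers.add(host)
    return peers


def common_remote_addresses(captures: Iterable[str]) -> List[str]:
    """Addresses present in every capture, sorted, for review before blocking."""
    sets = [remote_addresses(c) for c in captures]
    if not sets:
        return []
    common = set.intersection(*sets)
    # Sort IPv4 before IPv6, then numerically within each family.
    return sorted(common, key=lambda h: (ipaddress.ip_address(h).version,
                                         ipaddress.ip_address(h)))


if __name__ == "__main__":
    for addr in common_remote_addresses([CAPTURE_SITE_A, CAPTURE_SITE_B]):
        print(addr)  # look each one up before adding it to the firewall
```

Addresses seen from only one site are dropped by the intersection, so a larger set of captures narrows the list further; the script deliberately stops at printing candidates, since the commenter's own caveat (look each address up first so you don't block update servers) is the step that decides what actually gets blocked.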

    1. jake Silver badge

      Re: Detecting

      "This is the way."

      If you intentionally run an insecure by design OS, I guess it's one possible bandaid. Personally, I'd rather run something not quite as vulnerable.

      Obviously, your mileage may vary. ::shrugs::

    2. David 132 Silver badge

      Re: Detecting

      This is why I like to scan my home system from a different PC, to ensure it looks at every file.

      Not if you're scanning the home PC's drive via SMB, surely? Because if there's a rootkit on there, there's no difference as far as the malware is concerned between a local user saying "show me all files in C:\windows", and a remote SMB client saying "please show me all files in \\home-pc\c$\windows".

      The only way to be "sure" is to scan the drive offline, mounted in a USB caddy. And yes, I'm aware there's ways malware can sneak past that, too.

      1. Anonymous Coward

        Re: Detecting

        Yes offline, and that last part (other malware) BIOS malware, in HD, motherboard, and some other components. Sometimes flashing them won't even clean it.
