
#  Wednesday, July 28, 2004

The MSR article "Why It's A Bad Idea For Stealth Software To Hide Files" had me stumble across an MSR project, Strider. According to the description, it is "a black-box, state-based, and component-based approach to systems management and diagnostics. The statistical data analyses that we produce and the infrastructures and tools that we build help users manage their systems today and help developers design new operating systems with better manageability tomorrow."

I really like the idea of Strider Ghostbuster that is outlined in the article - to convince you to read it yourself, I'll show the overview diagram of what Ghostbuster does (Figure 1. The ScanDiff approach to exposing file-hiding software [from the aforementioned article]):

Ghostbuster allows you to find rootkits, keyloggers and other malware that hides itself from a plain directory listing. How is it done? Perform a directory listing on the infected machine (step #1), boot from a WinPE CD and scan again (step #2), and then compare the two scans (step #3). You'll see immediately what was hidden, and it takes only around 15 minutes to do this - absolutely neat!
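The compare step (#3) can be sketched as follows. This is an added example, not code from the article or from Ghostbuster itself. It assumes both scans were saved as bare full-path listings (for instance from `dir /s /b /a`), that the WinPE boot may see the disk under a different drive letter, and that `volatile_prefixes` (a hypothetical parameter) names paths expected to change between the scans; the sample listings are constructed.

```python
import ntpath

# Constructed sample listings: bare full paths, one per line.
INSIDE_SCAN = r"""
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\user\ntuser.dat
"""
OUTSIDE_SCAN = r"""
D:\WINDOWS\system32\kernel32.dll
D:\WINDOWS\System32\drivers\etc\hosts
D:\WINDOWS\system32\drivers\example_hidden.sys
D:\WINDOWS\Temp\shutdown.tmp
D:\Documents and Settings\user\ntuser.dat
"""

def normalize(line):
    """Drop the drive letter and fold case so both scans share one key space."""
    path = line.strip().strip('"')
    if not path:
        return None
    _drive, rest = ntpath.splitdrive(path)   # WinPE may use another letter
    return ntpath.normpath(rest).lower()     # Windows file names ignore case

def load_scan(text):
    """Return {normalized key: path as listed} for one scan."""
    entries = {}
    for line in text.splitlines():
        key = normalize(line)
        if key:
            entries[key] = line.strip()
    return entries

def scan_diff(inside_text, outside_text, volatile_prefixes=()):
    """Split the differences into hidden candidates, expected noise, inside-only."""
    inside, outside = load_scan(inside_text), load_scan(outside_text)
    prefixes = tuple(p.lower() for p in volatile_prefixes)
    hidden, noise = [], []
    for key in sorted(outside.keys() - inside.keys()):
        # Seen from the clean boot but not from the running system.
        (noise if key.startswith(prefixes) else hidden).append(outside[key])
    only_inside = [inside[k] for k in sorted(inside.keys() - outside.keys())]
    return hidden, noise, only_inside

if __name__ == "__main__":
    hidden, noise, only_inside = scan_diff(
        INSIDE_SCAN, OUTSIDE_SCAN, volatile_prefixes=["\\Windows\\Temp\\"])
    print("hidden candidates:", hidden)
    print("expected churn:", noise)
    print("only in inside scan:", only_inside)
```

Entries that land in `hidden` are candidates for review, not verdicts: any file written between the two scans shows up the same way unless its path is listed as volatile.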

Closing words: be sure to check out the References section of the article!

Categories: MSR | Security
Wednesday, July 28, 2004 10:19:16 AM (W. Europe Daylight Time, UTC+02:00)


© Copyright 2021 Christoph Wille
