Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
RookitRevealer is Now a Moving Target
Last week Sysinternals released a new version that uses random executable names to make the tool a moving target.
ITPro Today
March 28, 2005
1 Min Read
On March 2 I wrote about RookitRevealer, which is a new tool from Sysinternals that can help sniff out rootkits. The tool is still in development and last week Sysinternals released a new version that uses random executable names to make the tool a moving target.
Apparently rookit designers had already started creating ways to hide from RootkitRevealer, which probably wasn't very difficult for them to do since they knew the executable file name. Now with the random executable name rootkit designers are faced with a much more difficult challenge in developing effective forms of evasion. Undoubtedly they're very busy with that task.
About the Author(s)
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
_(1).png?width=700&auto=webp&quality=80&disable=upscale)
.png?width=700&auto=webp&quality=80&disable=upscale)