Skip navigation

RookitRevealer is Now a Moving Target

On March 2  I wrote about RookitRevealer, which is a new tool from Sysinternals that can help sniff out rootkits. The tool is still in development and last week Sysinternals released a new version that uses random executable names to make the tool a moving target.

Apparently rookit designers had already started creating ways to hide from RootkitRevealer, which probably wasn't very difficult for them to do since they knew the executable file name. Now with the random executable name rootkit designers are faced with a much more difficult challenge in developing effective forms of evasion. Undoubtedly they're very busy with that task.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.