In this post we will discuss some of the classic Windows-based rootkits. Please note that this discussion is for study purposes only; I don't guarantee that these rootkits will still work as they did before. That said, let's continue. I hope you'll take a little interest in understanding what these rootkits were able to do, so that when you need to plant or detect a rootkit manually, you won't find that it's not your cup of tea.
The NT/2000 rootkit runs with admin privileges right at the core of the NT kernel. Operating at kernel level lets it work as a device driver and access every resource of the OS, since it can load itself into memory dynamically. The real concern is that it still works as-is on NT/2000, so if you are not updated, you had better update your OS. It can hide processes, files, folders and registry entries, log keystrokes, cause a blue screen of death, redirect executables, and can even grant an attacker fully privileged access to your system.
It operates using Direct Kernel Object Manipulation (DKOM) and comes with two components, the dropper and the driver, which clearly means it operates at kernel level. It can hide files, folders and processes, can add rights to OS tokens, and can also alter Event Viewer logs.
It's a powerful rootkit written in Delphi. It patches the Windows Application Programming Interface (API) so that certain objects are kept out of listings. It can hide processes, files and folders, modules, system handles, registry keys, services, TCP/UDP sockets and system tray icons.
Nuclear works as a user-level hook on certain APIs, allowing you to hide or modify some items on NT-based OSes including NT, 2000, XP and 2003. It can hide processes, files, folders, registry keys, ports, protocols, modules and system handles, and it is also able to block processes.
It is a DLL-injection-based WinAPI rootkit. It can hide files, folders and registry keys, and can also log passwords.
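The last three rootkits above all hide objects from user-mode by patching API entry points, so a defender's standard check is a cross-view comparison of each exported function's first bytes in process memory against the same bytes from the DLL on disk. The following is an added example, not code from the original post or from any of these rootkits; the prologue bytes and addresses are constructed, and reading real process memory is left out.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass
class HookReport:
    hooked: bool
    kind: str               # clean | jmp_rel32 | jmp_indirect | push_ret | modified
    target: Optional[int]   # where control goes, when it can be decoded

def classify_prologue(memory: bytes, disk: bytes, func_va: int) -> HookReport:
    """Cross-view check: in-memory prologue vs the same bytes from the DLL on disk.

    A user-mode API patch normally overwrites the first instructions with a
    jump to the rootkit's handler, so a mismatch that decodes to a JMP or a
    PUSH/RET trampoline is a strong hook indicator; any other mismatch is
    reported as 'modified' for manual review.
    """
    if memory == disk:
        return HookReport(False, "clean", None)
    if len(memory) >= 5 and memory[0] == 0xE9:          # JMP rel32
        rel = struct.unpack_from("<i", memory, 1)[0]
        return HookReport(True, "jmp_rel32", func_va + 5 + rel)
    if len(memory) >= 6 and memory[:2] == b"\xff\x25":  # JMP [ptr] (reports pointer slot)
        return HookReport(True, "jmp_indirect", struct.unpack_from("<I", memory, 2)[0])
    if len(memory) >= 6 and memory[0] == 0x68 and memory[5] == 0xC3:  # PUSH imm32; RET
        return HookReport(True, "push_ret", struct.unpack_from("<I", memory, 1)[0])
    return HookReport(True, "modified", None)

def scan_exports(views: Dict[str, Tuple[bytes, bytes, int]]) -> Dict[str, HookReport]:
    """views: export name -> (memory_bytes, disk_bytes, function_va). Returns hooked exports only."""
    findings = {}
    for name, (mem, disk, va) in views.items():
        report = classify_prologue(mem, disk, va)
        if report.hooked:
            findings[name] = report
    return findings

# --- constructed sample data (not captured from a real system) -----------------
# Hot-patchable x86 prologue: mov edi,edi / push ebp / mov ebp,esp / sub esp,0x10
CLEAN = bytes.fromhex("8bff558bec83ec10")
FUNC_VA = 0x7C801000   # assumed address of the exported API
HOOK_VA = 0x00402000   # assumed address of a hook handler

def constructed_hooked_view(func_va: int, hook_va: int, original: bytes) -> bytes:
    """Build the in-memory view a JMP-rel32 patch would leave (test fixture only)."""
    rel = (hook_va - (func_va + 5)) & 0xFFFFFFFF
    return b"\xe9" + struct.pack("<I", rel) + original[5:]
```

On a live system the memory view would come from reading the target process and the disk view from parsing the DLL's export table; a kernel-level rootkit that patches the kernel itself, as the first two above do, is not caught by this user-mode comparison.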
Now let me be clear: everything we discussed here is ancient, though it still works today. These samples will set off your anti-virus when you try to extract them. The following download is provided just for your study, so that when you feel the need to write your own rootkit you won't find yourself in the soup. Lastly, as mentioned in Rootkits Revealed, we plant rootkits as a program bundle and not as a single program, because the main thing a rootkit leaves behind is its payload, no matter whether you remove the rootkit itself from your system. Thanks for reading and keep visiting.