[Full-disclosure] Tool Release: ProcL - Detect Hidden Process

Pallav Khandhar pallav.khandhar at gmail.com
Fri Aug 1 08:00:38 BST 2008


Greetings,

I am glad to release ProcL v1.0. ProcL employs many different methods
to detect hidden processes. Essentially, ProcL details and implements
a mechanism that embeds all these different approaches in one tool to
detect hidden processes. Our methods of detecting hidden processes
require the examination of each kernel object: EPROCESS, ETHREAD,
handles and jobs. Therefore, we believe ProcL would defeat process
concealment that relies on any one particular method.

Hiding a process is particularly threatening because it represents
malicious code running on your system that you are completely unaware
of. Process hiding has a significant effect: many trojan, virus,
spyware and rootkit writers use similar techniques to hide themselves
and stay undetected as long as possible on target machines. Finding
all the ways a rootkit might hide a process is just the first step in
defending against rootkits. Detecting hidden objects is a promising
new area in rootkit detection.

For more information on the tool
http://www.scanit.net/rd/tools/03

Download the tool
http://www.scanit.net/files/tools/ProcL.zip

Cheers,
Pallav Khandhar
Sr. Security Researcher
Scanit R&D Lab
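The announcement above describes cross-view detection: each kernel object type (EPROCESS list, ETHREAD objects, handle tables, job objects) is an independent enumeration of running processes, and a process that one enumeration reports but another does not is a candidate hidden process. The following is an added example of that comparison logic, not ProcL's own code. It runs over constructed snapshots (the view names, PIDs and the assumption that job objects are a partial view are all illustrative), and it shows the two checks a practitioner wants around such a diff: views that are inherently partial must not count as "missing", and snapshots must be repeated so that a process that simply exited between two enumerations is not reported as hidden.

```python
"""Cross-view detection of hidden processes (added example, not ProcL code).

Each "view" is one independent enumeration of processes: for example
walking the EPROCESS list, scanning for ETHREAD objects and reading
their owning process, walking handle tables, or enumerating job objects.
The views are modelled here as sets of PIDs in constructed snapshots.
"""
from collections import defaultdict

# Views assumed to name every live process; absence from one of these is
# evidence of hiding. (Assumed view names for the example.)
COMPLETE_VIEWS = {"eprocess_list", "thread_scan", "handle_table"}
# Views assumed to be inherently partial (only processes assigned to a job):
# they can add candidates to the union but never count as "missing".
PARTIAL_VIEWS = {"job_objects"}


def cross_view_diff(views):
    """One round: return {pid: sorted complete views that did not report it}."""
    union = set().union(*views.values())
    hidden = {}
    for pid in sorted(union):
        missing = sorted(v for v in COMPLETE_VIEWS
                         if v in views and pid not in views[v])
        if missing:
            hidden[pid] = missing
    return hidden


def detect_hidden(rounds, min_rounds=None):
    """Flag PIDs that the same complete view missed in at least min_rounds rounds.

    Repeating the snapshot suppresses processes that merely started or exited
    between two enumerations, which would otherwise look hidden in one view.
    """
    if min_rounds is None:
        min_rounds = len(rounds)
    misses = defaultdict(lambda: defaultdict(int))
    for views in rounds:
        for pid, missing in cross_view_diff(views).items():
            for v in missing:
                misses[pid][v] += 1
    return {pid: sorted(v for v, n in per_view.items() if n >= min_rounds)
            for pid, per_view in misses.items()
            if any(n >= min_rounds for n in per_view.values())}


# Constructed snapshots (not real system data). PID 1337 is unlinked from the
# EPROCESS list in every round (DKOM-style hiding) but still owns threads and
# handles. PID 5000 exits between the thread scan and the handle walk in
# round 1, so one view misses it once: a transient, not a hidden process.
ROUNDS = [
    {
        "eprocess_list": {4, 368, 512, 2044, 5000},
        "thread_scan":   {4, 368, 512, 1337, 2044, 5000},
        "handle_table":  {4, 368, 512, 1337, 2044},
        "job_objects":   {512, 2044},
    },
    {
        "eprocess_list": {4, 368, 512, 2044},
        "thread_scan":   {4, 368, 512, 1337, 2044},
        "handle_table":  {4, 368, 512, 1337, 2044},
        "job_objects":   {512, 2044},
    },
]

if __name__ == "__main__":
    for pid, views in detect_hidden(ROUNDS).items():
        print(f"PID {pid}: hidden from {', '.join(views)}")
```

With the two constructed rounds, only PID 1337 is reported (missing from the EPROCESS list in both rounds); PID 5000 is dropped because it was missed only once. Lowering min_rounds to 1 would report it too, which is the false positive a single-snapshot comparison produces on a busy machine.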


Full-Disclosure is hosted and sponsored by Secunia.