Re: THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND
From: nemo outis (outis_at_erewhon.com)
Date: 10/28/04
- Previous message: Duane Arnold: "Re: THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND"
- In reply to:(deleted message) Leythos: "Re: THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND"
- Next in thread: Thund3rstruck_n0i: "Re: THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Oct 2004 04:11:30 GMT
In article <MPG.1bea3374ac1f0dde9898cb@news-server.columbus.rr.com>, Leythos <void@nowhere.org> wrote:
>In article <831baa66.0410271910.68ffcb4@posting.google.com>,
>helper22A@yahoo.com says...
>[snipped same old crap]
>
>Looks like someone got out of the hospital.
>
Plus he's not even slightly up to date on how stuff is done. For
instance, one of the things that has been a hacker secret but is
just now starting to surface is...
appinit_dll
It's a fully legit part of Windows and, on the face of it,
doesn't seem malign: all it does is make sure any specified dll
is running (& starts it if necessary) with any/every executable.
Say what?????
In the hands of the right hacker, it's a "poor man's root kit!"
Write your own dll to do whatever you want (hide directories,
files, ports, and registry entries, run services or *servers,*
and on and on, including hiding itself and its registry entries)
and have it started (if not already running) by EVERY executable
courtesy of appinit_dll. That includes, of course, debuggers,
etc. so that the dll(s) loaded by appinit_dll can hide (if coded
to do so) what's happening from any process running on the
machine - even those looking for it!
Just as ADSs had a very long run as a hacker tool (although they
too are technically legit) before virus-checkers, etc. started
to look for them, so appinit_dll and its possibilities are only
now starting to be recognized by a very few outside the
underground. The great mass of the unwashed (including most
sysadmins) are, of course, oblivious to appinit_dll and its
possibilities.
Regards,
PS It can be detected and it can be defeated, of course, but
only if you know you should be looking for it.
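For the "you have to know to look for it" point above, here is an added example (not part of the original post) that enumerates the AppInit_DLLs mechanism from a defender's side: it reads both registry views on 64-bit Windows, shows whether the mechanism is gated on, and reports whether each listed DLL exists and carries an Authenticode signature. It assumes Windows PowerShell on a machine you administer.

```powershell
# Added example (not from the original post): list every DLL registered under
# AppInit_DLLs, in both registry views on 64-bit Windows, and show whether the
# mechanism is enabled and whether each DLL exists and is Authenticode-signed.
# Assumes Windows PowerShell; run from an elevated prompt for complete results.
$Views = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';             Dir = 'System32' },
    @{ Key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'; Dir = 'SysWOW64' }
)

function Get-AppInitDllReport {
    foreach ($View in $Views) {
        if (-not (Test-Path $View.Key)) { continue }
        $Props = Get-ItemProperty -Path $View.Key
        # LoadAppInit_DLLs (Vista and later) gates the mechanism; RequireSignedAppInit_DLLs
        # (Windows 7 and later) limits it to signed DLLs. Values that are absent read as $null.
        $Enabled    = $Props.LoadAppInit_DLLs
        $SignedOnly = $Props.RequireSignedAppInit_DLLs
        $List       = [string]$Props.AppInit_DLLs
        if ([string]::IsNullOrWhiteSpace($List)) {
            [PSCustomObject]@{ View = $View.Key; Enabled = $Enabled; SignedOnly = $SignedOnly; Dll = '(none)'; Path = ''; Signature = '' }
            continue
        }
        # The value is a space- or comma-separated list; bare file names resolve against the
        # system directory of the matching bitness.
        foreach ($Entry in ($List -split '[ ,]+' | Where-Object { $_ })) {
            $Path = if ([IO.Path]::IsPathRooted($Entry)) { $Entry } else { Join-Path $env:SystemRoot "$($View.Dir)\$Entry" }
            $Sig  = if (Test-Path $Path) { (Get-AuthenticodeSignature -FilePath $Path).Status } else { 'FileMissing' }
            [PSCustomObject]@{ View = $View.Key; Enabled = $Enabled; SignedOnly = $SignedOnly; Dll = $Entry; Path = $Path; Signature = $Sig }
        }
    }
}

# Anything listed here is loaded into every process that loads user32.dll, so each
# non-empty entry deserves review, especially if unsigned or outside the system directory.
Get-AppInitDllReport | Format-Table -AutoSize
```

An empty list with the mechanism disabled is the expected state on a clean workstation; the value is also worth baselining so that later changes stand out in configuration monitoring.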