Ghostbuster

Published Fri, Apr 15 2005 9:26 | girishb

From Bruce Schneier's Crypto-Gram, I found this really cool research project from Microsoft. He blogged about it in Feb. I wonder if the spyware tool released by Microsoft contains this.

From the blog:

It's a really elegant idea, based on a simple observation: the rootkit must exist on disk to be persistent, but must lie to programs running within the infected OS in order to hide.
If you want the dirty details, see http://www.usenix.org/events/lisa03/tech/wang/wang_html/index.html.
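
The observation quoted above, as an added example that is not part of the original post and is not Microsoft's code: a cross-view diff that compares a file listing taken inside the running OS with a listing of the same disk taken from a clean boot. The listing format (`<digest> <path>` per line), the sample paths and digests, and the volatile-file list are constructed assumptions.

```python
# Added illustration: cross-view diff of two file listings of the same disk.
from pathlib import PureWindowsPath

# Files that legitimately change between the two scans (assumed list).
VOLATILE = {r"c:\pagefile.sys", r"c:\hiberfil.sys"}

def parse_listing(text):
    """Return {normalized_path: digest} from '<digest> <path>' lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, path = line.split(None, 1)  # paths may contain spaces
        # NTFS lookups are case-insensitive by default; also unify slashes.
        entries[str(PureWindowsPath(path)).lower()] = digest.lower()
    return entries

def cross_view_diff(inside_text, outside_text, volatile=VOLATILE):
    """Compare the in-OS view with the clean-boot view of the same disk."""
    inside = parse_listing(inside_text)
    outside = parse_listing(outside_text)
    # On disk but not reported by the running OS: something is being hidden.
    hidden = sorted(p for p in outside
                    if p not in inside and p not in volatile)
    # Reported by both, but the running OS returned different content.
    altered = sorted(p for p in outside
                     if p in inside and inside[p] != outside[p]
                     and p not in volatile)
    return {"hidden": hidden, "altered": altered}

# Constructed sample listings (digests shortened for readability).
INSIDE = r"""
aa11 C:\Windows\System32\ntoskrnl.exe
bb22 C:\Windows\System32\drivers\tcpip.sys
cc33 C:\pagefile.sys
"""
OUTSIDE = r"""
aa11 c:/windows/system32/ntoskrnl.exe
bb99 C:\Windows\System32\drivers\tcpip.sys
dd44 C:\pagefile.sys
ee55 C:\Windows\System32\drivers\example_hidden.sys
"""

if __name__ == "__main__":
    for kind, paths in cross_view_diff(INSIDE, OUTSIDE).items():
        for p in paths:
            print(f"{kind}: {p}")
```

Entries that differ only in case or slash direction are treated as the same file, and the volatile list keeps files that change between the two scans out of the report.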

Comments

# girishb said on April 15, 2005 12:59 PM:

Mark Russinovich has taken what began with Ghostbuster and is continuing to enhance it with RootkitRevealer: http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

# girishb said on April 15, 2005 2:19 PM:

That is very cool. I did not know about this.