'Hacker Defender' Rootkit Author Offers Cease-Fire

Holy Father said he wanted to take a "rest," and declined to say what projects he was working on. However, he didn't deny that he could develop a new rootkit program in the future.

"There might be some other tools, maybe some rootkits, we'll see what [the] future come with," he wrote.

In the meantime, he gave credit to F-Secure and the creators of the IceSword anti-rootkit program for discovering novel ways to detect Hacker Defender and other rootkits.

In his Web page post, Holy Father reiterated claims, made in the past, that he does not sell his program to criminals or criminal groups.

"We preferred to sell paid versions for the legal activities such as penetration testing or security conference demonstrations. We have never supported criminals and always refused to renew the antidetection for those who misused our products," he wrote.

The communications from the secretive rootkit author may be an effort to sanitize the shadowy Hacker Defender technology so that he can begin offering legitimate software, said Sam Curry, vice president of eTrust Security Management at Computer Associates International, in Islandia, N.Y.

"Holy Father," who claims to live in the Czech Republic and to work on Hacker Defender as a pastime, may be looking to get out of the "grey zone" of rootkit technology, which is often associated with illegal hacking, Curry said.


Computer Associates researchers are seeing more and more examples of rootkit code in other programs. The snippets of code are often used to hide viruses and other malicious wares, he said.

Rootkit techniques have also caught the attention of legitimate software vendors, as the recent flap over stealth features in digital rights management technology from Sony illustrated, Curry said.

CA has to update its product and its anti-virus engine more frequently to catch the new rootkit technology, and is spending more time and energy testing anti-rootkit features to make sure they aren't disruptive, Curry said.
