在網絡安全中經常會遇到RootKit,NSA安全和入侵檢測術語字典( NSA Glossary of Terms Used in Security and Intrusion Detection)對RootKit的定義如下:A hacker security tool that captures passwords and message traffic to and from a computer. A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network,mask the fact that the system is compromised, and much more. RootKit is a classic example of Trojan Horse software. RootKit is available for a wide range of operating systems.
The tool presented below tries to detect from remote if the target machine was compromised with the HACKER Defender RootKit. The tool connect to the remote host, and compares the reply to several known replies. The RootKits that can be detected by the tool are: HACKER Defender v1.0.0 and below.
