n00bk1t, an advanced ring3 rootkit in C

n00bk1t is a user-mode (ring3) rootkit. It is very similar to hxdef, but it’s written completely in C (well, 99% of it). It has the ability to hide processes/files/regkeys/ports/services/…. It also logs Windows login information (local, via TS and runas) and FTP/POP3 (plain/SSL) password(s). It’s not perfect, but it fools a lot of users 😉

