elva

FU

project:

FU
short description:

The FU rootkit can hide processes, elevate process privileges, fake out the Windows Event Viewer so that forensics is impossible, and even hide device drivers (NEW!). All this without any hooking.

long description:

The FU rootkit can hide processes, elevate process privileges, fake out the Windows Event Viewer so that forensics is impossible, and even hide device drivers (NEW!). (Look, Mom, no hands!) It does all this by Direct Kernel Object Manipulation (TM); no hooking! This project has been evolving over time. It was originally conceived as a proof-of-concept. FU is a play on words from the UNIX program "su" used to elevate privilege.

project leader:

fuzen_op

homepage:

changelog:

https://www.rootkit.com/vault/fuzen_op/FU_README.txt

download:

https://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip


or
http://www.cppblog.com/Files/elva/FU_Rootkit.rar

posted on 2007-05-24 14:10 by 叶子, category: rootkit

