
The problem with doing DLL injections is that you are dropping things directly to disk, which is a great way to get an AV's attention. Heuristics-based detection can be a pain in the ass here, and you want your rootkit to be able to be 'unique' for every installation if possible.

Also, rootkits are way overrated. What you do when you compromise an organization is open a connection to your C&C on a few machines to keep your foothold if any of them reboot. If you need to get in, you just connect to one of those boxes and continue on. You never have to drop anything on the hard disk, which makes it much stealthier.



