Hacker Defender Rootkit Author Offers Cease-Fire

"Holy Father," the creator of the notorious hacking tool, claims to be going on sabbatical, but says more rootkits may follow in the future.

The author of the Hacker Defender rootkit said he's taking a break from developing the popular hacking tool—but that he may soon return to developing new rootkit programs.

The author, who uses the name "Holy Father," posted a message on the Hacker Defender Web site calling a truce with security companies that make anti-rootkit technology.

However, in an e-mail exchange with eWEEK, "Holy Father" said he isn't throwing in the towel, and that he may return to rootkit development after taking a break from Hacker Defender to work on other projects.

Hacker Defender is one of the best-known rootkit programs. Rootkits have been common in computer hacking circles for years, and allow attackers to maintain access to a computer, without being detected, long after they have compromised its defenses.

In recent years, authors have developed so-called "kernel mode" rootkits, like Hacker Defender, that manipulate information sent to Microsoft Windows' core processing center and are very difficult to detect.

Hacker Defender was initially released as an open-source program in 2004. More recently, Holy Father has sold updated copies of the rootkit, dubbed "Golden Hacker Defender," for 450 euros. That version of the program had an anti-detection engine designed to thwart anti-rootkit technology from vendors like anti-virus firm F-Secure, in Helsinki, Finland.

The anti-detection features put the Hacker Defender author or authors in an arms race with anti-virus companies and, in a recent post, Holy Father said he would stop updating the anti-detection service.

"For more than a year we were able to bypass any rootkit detection method and utility. We have proven that current rootkit detection methods are poor or half implemented," he wrote in a message on the Hacker Defender Web site.

"Now we feel that our chess game can't bring anything new to any of the side," he wrote.

In an e-mail to eWEEK, Holy Father said there were many factors that prompted him to discontinue the updates to Hacker Defender.

"I've got some personal projects in real life work that i want to concentrate on so i also wanted to free some time on it," he wrote.
