Skip navigation.

Windows Driver Rootkits


I'm working on testing commercial Windows A/V products. I have a fair corpus of malware samples to run through the A/V systems, but I'm having a hard time locating any driver rootkits. Kernel-mode rootkits, NDIS filter mode drivers, even user-mode drivers. Does anyone have examples lying around that were found in the wild?


I can do the actual searches in the catalog, but my familiarity with specific rootkit examples leaves me without a place to start. I did find TDSS thanks to the helpful blog post on it. So don't think I need a URL or a hash. Please feel free just to throw out names, and I'll follow up on them.