North Security Labs

North Security Labs releases Hypersight Rootkit Detector 1.0, a first virtualization-based detector of kernel-mode rootkits for Windows.

Our company has designed an emulator of Win32 platform for anti-viruses. It can be used both in anti-virus engines and malware classification systems for improvement of detection quality. Details are in PDF presentation (see also related post in our blog).

The next major version of Hypersight is released. Using Fast Code Test technology, it makes possible detection of code launched outside of drivers and kernel. The majority of recent kernel rootkits are about to be detected in the generic way.Version 1.0 beta can be obtained in terms of beta testing.

We have implemented Fast Code Test: a new feature of Hypersight Rootkit Detector. It makes possible detection of most modern rootkits, including infamous TDL3. This feature is currently being tested in-house.

We are ready to introduce a brand new feature for our anti-rookit. Now Hypersight RD 0.5 can detect and block hardware virtualization rootkits (Blue Pill, Vitriol and so on). Both Intel and AMD platforms are supported. Another great news: according to results of recent tests, Hypersight RD also detects Rustock.C (Win32.Ntldrbot) and BootKit (also known as MaosBoot).

Finally, Hypersight Rootkit Detector 0.4 Beta which supports two major hardware platforms is shipped. Both Intel VT-x and AMD-V hardware virtualization technologies are supported. Now Hypersight works on most recent versions of processors. Anti-rootkit has became more stable and robust. This was due to help of customers who tested anti-rootkit and sent feedbacks. Thanks to all people involved in the beta-testing! Despite Hypersight RD is a experimental project, it is actively developed. Several cutting edge features are to be added soon. Stay tuned!

The development of Hypersight RD project continues. We have made numerous improvements for the program. In particular, we have made steady detection and blocking of Shadow Walker. We have received confirmations from the testers about the stability of Hypersight RD working on Windows 2000, Windows XP and Windows 2003. In this regard, we moved Hypersight RD to the stage of beta testing.

The first public preview of HyperSight Rootkit Detector, the world’s first Fourth-Generation rootkit detector, is now available. Hypersight Rootkit Detector is the first Virtual Intrusion Prevention System (VIPS) to use the brand-new approach to detect malicious software. The new approach encapsulates the operating system into a virtual machine, passing control over all critical events to the VIPS core.

The VIPS approach allows detecting the most sophisticated threats and brings your computer security to the new level. Hypersight Rootkit Detector is highly recommended to anyone sharing their financial detail (e.g. credit card numbers) over the Internet, as well as to those demanding the ultimate security. Hypersight Rootkit Detector has demonstrated great performance in the comparison tests.

Due to the requirements of a hardware platform to support virtualization, the current preview release is only compatible with Intel Core 2 family of processors for the time being. We are currently working on adding support for other CPUs.