I won’t speak exactly about rootkits, because it’s impropriate to call them that way… why? Well rootkits are programs that aid you in getting access to root level users…
So in the case we are using Windows "rootkits" we should call them admkits (admin kits [©copyrighted to me of course])…. So let’s cut the **** and get down to serious business.
Note: the following admkits are from www.packetstormsecurity.org, there also could be others available on the net… not just the following 4
_ROOT_040
Windows NT Rootkit v0.04 alpha – Hides processes, files, directories, has k-mode shell using TCP/IP – you can telnet into rootkit from remote. Hides registry keys – (keyboard patch disabled in this build.) Includes execution redirection.
Fake Netstat
Fake Netstat is a windows copy of netstat which can hide certain network connections. Requires renaming the original netstat.
NT BindShell
Ntbindshell is a lightweight (24k compiled) cmd.exe backdoor for Windows. Full C source included. Provides two modes of operation – standard (listening mode) or reverse-connect mode. Includes the ability to install itself as a system service, providing a shell with LocalSystem privileges.
reverseTelnet
Reverse telnet redirector / port redirector and front end console for Windows. Perfect for firewall bypassing from inside out. Can be used for bouncing connections, piping or relaying data, or as a quick MIM chat server. Windows executable form only.
More information of course can be found in the readme files from the archive…
