StreamArmor and SpyDLLRemover are NOT associated with RootkitAnalytics by any means. Due to some unforeseen circumstances, we had to let go of the corresponding volunteer and remove all his contributions.
dwtf v3 is a fake DLL maker. It creates the fake DLL, based on the original DLL given to it as input. It exports all symbols of real.dll and imports all exports of real.dll (including Forwarder). It creates an area code with a JMP DWORD [ADDRESS] for each export and more.
ElfStat is a tool designed for detecting any kernel level rootkit [or other malwares] that modifies the text segment of the kernel in memory -- this implies any malware that modifies the code of the running kernel.
This tool is designed to detect kernel rootkits and kernel malware which hijack syscalls and kernel functions by modifying the first several bytes of the routine to jump to a hacked version of the syscall or function.
Kernel rootkits are the tools that run in the kernel, hence making it really hard to detect. The entire operating system would be altered in the process, which would help in the process of hiding the fact that the system is compromised.
Rootkit Analytics blog, would encompass anything ranging from analysis of rootkits, to something like status update. This blog is hosted at Kaffe News, which is part of the EvilFingers group of Sites.
Check out our dedicated "AntiRootkit" Twitter account for update on RootkitAnalytics. We try to keep our users up to date on what we do the best.
This comes under both firmware and hardware rootkits. The reason being, hypervisor is a virtual environment that runs on the hardware, but basically it is a firmware. Hence, we have drawn the line and dropped this rootkit in the firmware category of rootkits.
NOTE: Our tools are listed in many sites and torrents, which makes it hard for us to track all downloads. Hence, we are listing only the total installations from our website.