I was looking through recent automated sandbox reports today and I discovered a new and very prevalent password-stealing trojan has a rootkit component which is using an exploit I discovered and published around 5 years ago (still not patched in XP).
I don't want to go into specific details for various reasons, but needless to say the exploit allows a trojan to hide files and registry keys from being returned by common API calls and from popular programs such as HijackThis, adwcleaner, dds etc. I'm led to believe some anti-virus programs can pick up on these specially crafted files but not others.
Anyway, the main point I'm trying to make is that, having been retired from the 'black hat' scene for over three years now (and on the side of good ever since), seeing this has caused mixed emotions but particularly an insane amount of guilt.
Don't quite know whether I'm going to get a lot of hate for such an admission but needed to get it off my chest and was looking for some general thoughts, positive, negative, or "ban the bleep".