Hunting Rootkits with rkhunter Video Tutorial
Dec 23, 2009, 06:02
[ Thanks to Andrew Weber for this link. ]
"The intruder could use a rootkit to hide the password cracker program that's stealing your passwords and sending them back to the intruder. The intruder could also use a rootkit to hide a "back door" program that would give him easy access back into the compromised system. There are at least six basic categories of rootkits which all serve the same purpose. That is, they prevent the intruder's malicious software from showing screen output to the unsuspecting user, and they prevent the malicious software from leaving traces in the system logs. They also prevent the malicious software from showing up in a "ps" or "top" process list.

"Firmware rootkits

"One of the most difficult rootkits to discover is the firmware rootkit that is placed in the code that exists in the ACPI or PCI cards or your system clock. Firmware rootkits can be installed in any flashable code on your motherboard or any cards that you install. The difficulties here will be that you cannot fix this by reinstalling your operating system or wiping your hard drives."
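The excerpt above says a rootkit's job is to keep a process out of the "ps" or "top" listing. The standard way to hunt for that, and one of the checks tools like rkhunter perform, is to take several independent views of the PID space and see whether they disagree. The script below is an added example for this page, not code from the original article or from rkhunter: it assumes a Linux host with /proc, kill(2) and a procps-style ps, and every function name in it is this example's own.

```python
#!/usr/bin/env python3
"""Spot processes hidden from ps by cross-checking three views of the PID space.

Added illustrative example (not rkhunter's own code). Linux only: it relies on
/proc, on kill(pid, 0) and on the procps `ps` command.
"""
import os
import subprocess
import time


def read_pid_max(default=32768):
    """Upper bound of the PID space; fall back to the classic default if unreadable."""
    try:
        with open("/proc/sys/kernel/pid_max") as fh:
            return int(fh.read().strip())
    except OSError:
        return default


def pids_from_proc():
    """View 1: numeric entries in /proc (what a hooked readdir() would filter out)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pid_exists(pid):
    """kill(pid, 0) delivers no signal but still reports whether the PID is live."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user
    return True


def pids_by_signal_probe(pid_max):
    """View 2: brute-force probe of every possible PID with kill(pid, 0)."""
    return {pid for pid in range(1, pid_max + 1) if pid_exists(pid)}


def parse_ps_ids(text):
    """Collect every numeric token from `ps -eL -o pid=,lwp=` output.

    Thread IDs (LWPs) are included on purpose: kill(tid, 0) succeeds for a
    thread, so without them every multithreaded process would look "hidden".
    """
    return {int(tok) for line in text.splitlines() for tok in line.split() if tok.isdigit()}


def pids_from_ps():
    """View 3: what ps reports, which is the view a rootkit typically tampers with."""
    out = subprocess.run(["ps", "-eL", "-o", "pid=,lwp="],
                         capture_output=True, text=True, check=True).stdout
    return parse_ps_ids(out)


def hidden_pids(proc_view, probe_view, ps_view):
    """PIDs seen in /proc or by probing that ps does not report."""
    return (proc_view | probe_view) - ps_view


def scan(settle_seconds=0.2):
    """Take the three snapshots, diff them, and re-verify survivors to drop races."""
    proc_view = pids_from_proc()
    probe_view = pids_by_signal_probe(read_pid_max())
    ps_view = pids_from_ps()
    candidates = hidden_pids(proc_view, probe_view, ps_view)
    # A process that exited between the snapshots would otherwise be a false positive.
    time.sleep(settle_seconds)
    return sorted(pid for pid in candidates if pid_exists(pid))


if __name__ == "__main__":
    suspects = scan()
    if suspects:
        print("PIDs not reported by ps:", suspects)
    else:
        print("No process hidden from ps was found")
```

Run it as root so that /proc entries of other users are visible; on a host with a large pid_max the probe loop takes a few seconds. A non-empty result is a lead, not a verdict: inspect /proc/<pid>/exe and /proc/<pid>/cmdline for each suspect. The check only catches hiding at the listing layer (a patched ps, a hooked readdir() in a preloaded library); a kernel or firmware rootkit that filters inside the kernel can lie to all three views at once, which is exactly why the excerpt treats those as the hard case.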