Linux Today: Linux News On Internet Time.


Hunting Rootkits with rkhunter Video Tutorial

Dec 23, 2009, 06:02

[ Thanks to Andrew Weber for this link. ]

"The intruder could use a rootkit to hide the password cracker program that’s stealing your passwords and sending them back to the intruder. The intruder could also use a rootkit to hide a “back door” program that would give him easy access back into the compromised system. There are at least six basic categories of rootkits which all serve the same purpose. That is, they prevent the intruder’s malicious software from showing screen output to the unsuspecting user, and they prevent the malicious software from leaving traces in the system logs. They also prevent the malicious software from showing up in a “ps” or “top” process list.

"Firmware rootkits

"One of the most difficult rootkits to discover is the firmware rootkit that is placed in the code that exists in the ACPI or PCI cards or your system clock. Firmware rootkits can be installed in any flashable code on your motherboard or any cards that you install. The difficulties here will be that you cannot fix this by reinstalling your operating system or wiping your hard drives."
