A new Linux rootkit has emerged, and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems, and while it has some interesting features, it does not appear to be the work of a high-level programmer or to be meant for use in targeted attacks.
The new Linux rootkit is loaded into memory and, once there, it pulls out some memory addresses and stores them for later use. It then also hooks into several kernel functions as a way to hide some of its files on the machine.