[ Thanks to Bojan
Smojver for this link. ]
“UNIX admins have been dealing with rootkits since the early
1990s, when the first ones to be discovered were exploiting SunOS 4
machines. Now, Windows admins must get up to speed, because
rootkits are also being used to attack Windows NT and 2000
systems.“Hackers can obtain user-level security privileges and install a
rootkit, which is basically a collection of tools, to compromise a
system or network. The rootkit will exploit a known system
vulnerability or crack a password for a user with
administrator-level privileges and will then cover the hacker’s
tracks, making them difficult to detect. The best way to protect
your network against rootkits is to know how they work and what
type of damage they can do.“One of the primary purposes of a rootkit is to allow an
attacker unfettered and undetected access to a compromised system
at some point in the future. One way that a rootkit can do this is
by installing a backdoor process or by replacing one or more of the
files that run the normal connection processes, such as telnet or
ssh. Within the Linux platforms, most rootkits also replace some
system commands such as ls, ps, netstat, and who…”