chkrootkir LKM Trojan ?
Dave S
ubuntu at pusspaws.net
Wed Jul 19 06:48:23 UTC 2006
On Tuesday 18 July 2006 21:26, ubuntu at rio.vg wrote:
> Brian McKee wrote:
> > On 17/07/06, boricua <boricua at despiertapr.com> wrote:
> >> how do u know rkhunter was not comprimise
> >
> > rkhunter does check itself as it's first step !
>
> ...
>
> Think about that for a moment.
>
> Let's say I write a rootkit that is rkhunter-aware. It searches out
> rkhunter, and modifies it when found. What do you think my first change
> to rkhunter will be?
I feel like I have strayed into a murky grey world with no absolutes either
way. It all depends on how smart and determined the rootkit installer is - I
googled and found out some have hacked kernel modules to hide their presence.
Dave
More information about the ubuntu-users
mailing list