|
|
|
|
|
|
Digg |
|
|
|
Today’s rootkits infiltrate a target system at kernel level, thus escaping unwanted attention from administrators. Read on for a practical look at how a kernel rootkit really works.
After an attacker compromises a target, the next step is to secure a foothold. Any seasoned attacker wants to keep sysadmins and inquisitive users from noticing the unauthorized changes. Various tools are available to help infiltrators cover their tracks. So-called rootkits hide telltale processes, network connections, and files from admins, and they guarantee the attacker access through a backdoor. Up to just a few years ago, hackers would typically manipulate installed programs to build a rootkit. A trojanized version of netstat would hide any connections established by the hacker, and a trojanized ps would obfuscate any illegal processes. Because a typical attack involved replacing a large number of utilities, special userland rootkits quickly started to appear. These kits, which include several manipulated programs, are easy for attackers to install. Most rootkits also include backdoors and popular hacker tools, such as IRC Bouncer.
|
|
|
| Related Articles | |
|---|---|
| BREAKING IN AND KEEPING OUT | Kernel 2.6 rootkits and the quest for Linux security |
| Special Linux Magazine 3 for 1 Offer |
|---|
|
Get 3 Issues + 3 DVDs for the price of a single issue! Let Linux Magazine's hands-on, technical articles guide you in your daily Linux use. Check out bonus DVDs like Ubuntu, SUSE, or Fedora and save the download. Only available for a limited time. Don't miss out! |
Comments