Sponsor for PC Pals Forum

Author Topic: Linux Rootkit Released!!  (Read 1300 times)

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Linux Rootkit Released!!
« on: September 05, 2008, 21:19 »
The art of burying invisible malware deep inside a Linux machine is about to go mainstream, thanks to a new open-source rootkit released Thursday by Immunity Inc., a firm that supplies tools for penetration testers.

When implemented, Immunity's DR, or Debug Register, makes backdoors and other types of malware extremely difficult to detect or eradicate. It's notable because it cloaks itself by burrowing deep inside a server's processor and availing itself of debugging mechanisms available in Intel's chip architecture. The rootkit, in other words, mimics a kernel debugger.

By exploiting a CPU's native ability to generate interrupts, DR escapes some of the pitfalls that have visited more traditional types of rootkits, which modify an operating system's system call table. That's of increasing importance as more and more Linux distributions make it harder to make changes to the syscall table and rootkit detection programs such as chkrootkit and rkhunter actively check for such modifications.

Over the past few years, a growing body of malware has incorporated rootkits, making detection much harder. Until now, the benefit of using a rootkit was counterbalanced by the difficulty of building one. DR, which is available here under version 2 of the general public license, will make it profoundly easier.

"In the old days, to attack a computer, you needed to 1) find a bug, 2) write an exploit, 3) run the exploit 4) hide yourself," Charlie Miller, principal security analyst for Independent Security Evaluators, said in an email. "The gap between a script kiddie and a hacker just got a little smaller."

While DR simplifies the task of cloaking nasty malware on Linux boxes, it doesn't support symmetric multiprocessing or actively hide itself at the kernel level. The good news is that those are shortcomings that limit the rootkit's functionality and make it easier to detect.

The bad news: these features could be added with about a week's worth of development time. Indeed, Immunity is offering commercial support for DR as part of its Canvas toolkit, so stay tuned. ®

http://www.theregister.co.uk/2008/09/04/linux_rootkit_released/
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline sam

  • Administrator
  • *****
  • Posts: 19977
Re: Linux Rootkit Released!!
« Reply #1 on: September 05, 2008, 21:34 »
I doubt it would get anywhere near a decent installation.. you would have to be stupid enough to install it! Linux's security is just different to windows, you as the user have to be seriously silly to get a problem, unlike with windows where you can just turn it on and go on the internet and get infected.
- sam | @starrydude --


Show unread posts since last visit.
Sponsor for PC Pals Forum