Rootkit Sleuth

The chkrootkit package examines key system files to determine whether they have been tampered with or infected by malware known as rootkits. An infected system can leak valuable data such as user credentials, can allow hackers to steal banking information, can provide remote control capability, and can disrupt security software. The fact that rootkits can remain on a system for long periods of time undetected makes them particularly dangerous.

Changing Attitudes on Linux Malware

Contrary to popular belief, Linux does suffer from malware infections and attacks. Rootkits are one type of malware designed to infect, gain elevated access, and remain hidden from detection for long periods of time. Rootkits are especially malicious, because they not only remain hidden but also can disable or disrupt security software making them hard to remove. Once infected, often the only recourse is to re-image (wipe and reinstall) the system.Symantec has identified five types of rootkits:

• Hardware/firmware – installed in the computer’s BIOS, firmware, or other hardware components
• Bootloader – the system’s bootloader is active before the operating system loads
• Memory – RAM-based rootkits only last while the computer is powered on and generally do not persist after a reboot unless the file is set to reload on boot
• Application – application rootkits alter standard programs that appear to work normally while infected
• Kernel mode – core operating system alterations access and control the computer’s lowest operational levels

[...]