#28 New rootkit Jynx undetectable

Milestone: main
Status: closed-fixed
Owner: unSpawn
Labels: Rkhunter (37)
Priority: 5
Updated: 2012-03-08
Created: 2011-10-21
Private: No

Hi,

Please check out the newly released rootkit: http://packetstormsecurity.org/files/105893/Jynx-Kit-Pub.tar.gz
http://www.blackhatacademy.org/security101/index.php?title=Jynx

Currently undetectable by rkhunter

Please create appropriate detection for this malware.

Thank you!

Discussion

  • John Horne

    John Horne - 2011-11-11

    As far as I am aware rkhunter checks both LD_PRELOAD and the ld.so.preload file. It has done this for some time, so the comment on 'blackhatacademy.org' that the rootkit is not detected by rkhunter does not seem true. Although RKH may not explicitly look for the rootkit, it will warn the user that LD_PRELOAD/ld.so.preload are being used.

     
  • Martin Čmelík (cm3l1k1)

    Hi jhorne,

    Is it possible that rkhunter will report this as a critical issue instead of a warning only? As you know, warning messages can be overlooked in the rkhunter report.

    Thank you

     
  • John Horne

    John Horne - 2011-12-17

    There is no such thing as a 'critical' issue in RKH. Tests are generally reported as either 'OK' or 'Warning'. All warnings indicate that something is not right or, at least, suspicious. It is for the user to check these using such options as '--rwo' and/or mailing the warnings to the sysadmin.

     
  • unSpawn

    unSpawn - 2012-03-08

    Check completed, thanks.

     
  • unSpawn

    unSpawn - 2012-03-08
    • milestone: --> main
    • assigned_to: nobody --> unspawn
    • status: open --> closed-fixed
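
A simplified sketch of the check described in John Horne's 2011-11-11 comment (warn whenever LD_PRELOAD or the ld.so.preload file is in use, without looking for a specific rootkit). It is an added example, not rkhunter's code and not part of the thread; the function names, the `--scan` flag and the per-process /proc scan are assumptions that go beyond what the thread states.

```shell
#!/bin/sh
# Added example (not rkhunter code): warn on any use of the two preload mechanisms.

# check_preload_file FILE -> prints a Warning per listed library, returns 1 if any.
check_preload_file() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "OK: $file not present"
        return 0
    fi
    # ld.so treats '#' as a comment and splits entries on colons and whitespace.
    entries=$(sed 's/#.*//' "$file" | tr ':\t ' '\n\n\n' | sed '/^$/d')
    if [ -z "$entries" ]; then
        echo "OK: $file lists no libraries"
        return 0
    fi
    printf '%s\n' "$entries" | while IFS= read -r lib; do
        echo "Warning: $file preloads $lib"
    done
    return 1
}

# check_proc_env PROCROOT -> warns for each process started with LD_PRELOAD set.
check_proc_env() {
    proc=$1
    found=0
    for env in "$proc"/[0-9]*/environ; do
        [ -r "$env" ] || continue
        # environ is NUL-separated; the process may exit while we read it.
        hit=$(tr '\0' '\n' 2>/dev/null < "$env" | grep '^LD_PRELOAD=' || true)
        if [ -n "$hit" ]; then
            pid=${env%/environ}
            echo "Warning: PID ${pid##*/} has $hit"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone use: sh preload_check.sh --scan (script name is hypothetical)
if [ "${1:-}" = "--scan" ]; then
    status=0
    check_preload_file /etc/ld.so.preload || status=1
    check_proc_env /proc || status=1
    exit "$status"
fi
```

Run it as root so every process's environ file is readable. A library that is already preloaded is also loaded into the checking shell and its utilities, so a statically linked shell or trusted boot media gives a more reliable result.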
     
