[Rkhunter-users] making sense of rootkits and rkhunter

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi, newbie and beginner here (to Linux, rkhunter, and computers in
general). I've been reading up on rootkits via Google, but there's so
much on detection and removal and almost nothing on how they get into
a computer, or how much of a threat they are to Linux users - are new
ones being created every year? Are they as rare as Linux viruses?. Are
Linux servers more targeted than home users? I know they can be hidden
in applications, but is installing them also as easy as, say, clicking
on a link or having a pop-up ad getting past your defenses, or
accidentally going to a site marked as red by WOT - and you're still
screwed even if you get out quickly? 

On RKHunter: I scanned with rkhunter the first time after reinstalling
it, and I got a warning for rkhunter itself:

[15:13:26] Warning: The file properties have changed:
[15:13:26]          File: /usr/bin/rkhunter
[15:13:26]          Current inode: 2753106    Stored inode: 2760035

The first time I installed it, I got different warnings 

/usr/bin/mail                                            [ Warning ]
   /usr/bin/bsd-mailx                                       [ Warning
]

which disappeared since I removed Thunderbird.

What is an inode? I'm reading the CERT Intruder Detection list
and...is there a For Dummies version of this? Using Linux Mint 11, by
the way.

-persian