Re: [Rkhunter-users] Stealthy Linux rootkit found in the wild after going undetected for 2 years
From: Michael L. <mic...@gm...> - 2024-02-06 12:06:42
The rootkit can hook the `kill()` syscall, network-related functions, and file listing operations in order to hide its activities and evade detection.

This should theoretically change the hash of the "kill" command, leading to detection as a generic rootkit. The link you shared shows that this rootkit is a kernel module. Rkhunter does not check kernel modules by default, but this would be a great feature.

Thank you,
Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.

On Sun, Dec 10, 2023 at 3:23 PM Brent Clark <bre...@gm...> wrote:

> Good day Guys
>
> I came across this
>
> https://arstechnica.com/security/2023/12/stealthy-linux-rootkit-found-in-the-wild-after-going-undetected-for-2-years/
>
> Can rkhunter detect / scan for
>
> Diamorphine
> Suterusu
> Rooty
>
> Regards
> Brent
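A cross-view check on loaded kernel modules, the area the message above says rkhunter does not cover by default, is given here as an added example; it is not part of the original thread and not rkhunter code. It lists modules that have a sysfs entry but are missing from `/proc/modules`. It assumes a loaded (non-built-in) module exposes `/sys/module/<name>/initstate`, and the function names, fixture paths and the module name `example_hidden` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not rkhunter code): cross-view check for loadable kernel
# modules that have a sysfs entry but are missing from /proc/modules.
# Assumption: a loaded (non-built-in) module has <sys_dir>/<name>/initstate.

# in_proc_modules NAME FILE: succeed if NAME is the first field of a line.
in_proc_modules() {
    while read -r mod _rest; do
        if [ "$mod" = "$1" ]; then return 0; fi
    done < "$2"
    return 1
}

# hidden_modules [PROC_FILE] [SYS_DIR]: print one suspect module name per line.
hidden_modules() {
    proc_file=${1:-/proc/modules}
    sys_dir=${2:-/sys/module}
    for d in "$sys_dir"/*/; do
        [ -f "${d}initstate" ] || continue    # skip built-ins and unmatched glob
        name=${d%/}
        name=${name##*/}
        in_proc_modules "$name" "$proc_file" || printf '%s\n' "$name"
    done
}

# Constructed fixture so the check can be exercised offline.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/sys/ext4" "$tmp/sys/example_hidden" "$tmp/sys/printk"
    echo live > "$tmp/sys/ext4/initstate"
    echo live > "$tmp/sys/example_hidden/initstate"   # constructed name
    printf 'ext4 999424 1 - Live 0x0000000000000000\n' > "$tmp/proc_modules"
    hidden_modules "$tmp/proc_modules" "$tmp/sys"
    rm -rf "$tmp"
}

demo
```

Called with no arguments, `hidden_modules` reads the live `/proc/modules` and `/sys/module`. A module that also removes its sysfs entry or filters directory listings will not show up in this comparison, so an empty result does not prove a clean kernel.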