republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » a new open-source rootkit for Linux by Immunity Inc
Search Topic:
Uniqs:
453		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
How do I do this - block PopUps on this particular site? »
« Security Software Updates - 05 Sep 2008  
AuthorAll Replies

matunga

join:2003-07-26

a new open-source rootkit for Linux by Immunity Inc

The art of burying invisible malware deep inside a Linux machine is about to go mainstream, thanks to a new open-source rootkit released Thursday by Immunity Inc., a firm that supplies tools for penetration testers.

When implemented, Immunity's DR, or Debug Register, makes backdoors and other types of malware extremely difficult to detect or eradicate. It's notable because it cloaks itself by burrowing deep inside a server's processor and availing itself of debugging mechanisms available in Intel's chip architecture. The rootkit, in other words, mimics a kernel debugger

By exploiting a CPU's native ability to generate interrupts, DR escapes some of the pitfalls that have visited more traditional types of rootkits, which modify an operating system's system call table. That's of increasing importance as more and more Linux distributions make it harder to make changes to the syscall table and rootkit detection programs such as chkrootkit and rkhunter actively check for such modifications.

Over the past few years, a growing body of malware has incorporated rootkits, making detection much harder. Until now, the benefit of using a rootkit was counterbalanced by the difficulty of building one. DR, which is available here under version 2 of the general public license, will make it profoundly easier.

"In the old days, to attack a computer, you needed to 1) find a bug, 2) write an exploit, 3) run the exploit 4) hide yourself," Charlie Miller, principal security analyst for Independent Security Evaluators, said in an email. "The gap between a script kiddie and a hacker just got a little smaller."

While DR simplifies the task of cloaking nasty malware on Linux boxes, it doesn't support symmetric multiprocessing or actively hide itself at the kernel level. The good news is that those are shortcomings that limit the rootkit's functionality and make it easier to detect.

The bad news: these features could be added with about a week's worth of development time. Indeed, Immunity is offering commercial support for DR as part of its Canvas toolkit, so stay tuned

»www.immunityinc.com/resources-fr···re.shtml
to forum · permalink · · 2008-09-06 05:37:17 · (locked)

SUMware
Premium
join:2002-05-21		 Already posted: »Open source release takes Linux rootkits mainstream
to forum · permalink · · 2008-09-06 09:13:20 · (locked)
Thread is
-
Forums » Up and Running » Security » SecurityHow do I do this - block PopUps on this particular site? »
« Security Software Updates - 05 Sep 2008  

Friday, 19-Mar 14:07:46 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10.5 years online! © 1999-2010 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [153] Comcast Confirms 100 Mbps Is Coming
· [125] What You Need To Know About The National Broadband Plan
· [100] The 'Electromagnetically Hypersensitive' Attack Smart Meters
· [70] 'Lawn Fridges' Attack UK Lawns
· [53] FCC Releases Copy Of The National Broadband Plan
· [46] FCC Gives Final Sales Pitch For Broadband Plan
· [40] Putting T-Mobile HSPA+ Through Its Paces
· [39] The FCC Wants Your Thoughts On Comcast/NBC Merger
· [36] Remember Zer01? They've Mysteriously Disappeared
· [35] Time Warner Cable Makes 50 Mbps In Dallas Official
Most people now reading
· WoW Politics - The Welfare Gear Debate (Warning Long) [World of Warcraft]
· What is the spell hit cap for a lvl 80 full arcane spec mage [World of Warcraft]
· Ashen Verdict Rep farming guide (ICC 10) [World of Warcraft]
· Error in Broadband Plan grossly understates WISP coverage [Wireless Service Providers]
· [ Classes] ATTN Death Knights - Post your spec for critique! [World of Warcraft]
· Not personally identifiable info, eh? [Security]
· [WIN7] Outlook express under Windows 7? [Microsoft Help]
· New Firmware : 6.1.9.23-enh.tm [AT&T U-verse]
· Need to switch between Interleave and FastPath? Part 2 [Verizon Online DSL]
· Why so much hatred towards Bell? [TekSavvy]