Newly Discovered Linux Rootkit Not Sophisticated But Effective
Source: CRN - Posted by Dave Wreski   
Intrusion Detection

Researchers are analyzing a new rootkit for 64-bit Linux systems that injects iFrames onto websites and redirects traffic to malicious sites that install additional malware. It also accesses the system's memory and leverages the kernel to help conceal itself. At start-up, the module "creates an initial HTTP injection configuration and installs the inline function hook to hijack TCP connection contents," according to Georg Wicherski, senior security researcher at CrowdStrike. Next, it creates a thread that establishes communication with the command-and-control server for use in updating the injection configuration. It then hides the kernel module itself, using direct kernel object manipulation.
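Because the injection described above happens in the TCP stream rather than in the files on disk, a defender can compare what a page contains at rest with what a client actually receives. The following is an added example, not code from the article or from CrowdStrike; it assumes a static page whose on-disk copy is available and a response body captured from a separate host, and both sample documents are constructed.

```python
from collections import Counter
from html.parser import HTMLParser


class _IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> start tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...>
        # is matched as well; self-closing tags are routed here by default.
        if tag == "iframe":
            self.sources.append((dict(attrs).get("src") or "").strip())


def iframe_sources(html):
    """Return a multiset of iframe sources found in an HTML document."""
    parser = _IframeCollector()
    parser.feed(html)
    parser.close()
    return Counter(parser.sources)


def injected_iframes(origin_html, served_html):
    """Iframe sources seen more often on the wire than in the on-disk page."""
    extra = iframe_sources(served_html) - iframe_sources(origin_html)
    return sorted(extra.elements())


# Constructed sample: the page as stored on the web server's disk.
ORIGIN = ('<html><body><h1>Shop</h1>'
          '<iframe src="/map.html"></iframe></body></html>')

# Constructed sample: the same page as received by an external client,
# with one extra frame that does not exist in the stored file.
SERVED = ('<html><body>'
          '<IFRAME SRC="http://injected.example/x" width=1 height=1></IFRAME>'
          '<h1>Shop</h1><iframe src="/map.html"></iframe></body></html>')

if __name__ == "__main__":
    for src in injected_iframes(ORIGIN, SERVED):
        print("iframe present on the wire but not on disk:", src)
```

A non-empty result on a page that no application layer is supposed to modify points at something between the web server process and the network, which is where an in-kernel hook of the kind described would sit.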
