Linux Rootkit
Definition of a Rootkit
- A “Trojan Horse” into a computer system
- Malicious programs that pretend to be normal programs
- May also be programs:
  - that masquerade as plausible programs
  - with names that approximate existing programs
  - that are already running and not easily identifiable by the user
- Installing a Rootkit on a Target System
- The hacker MUST already have root-level access on the target system
- Root-level access is gained first by compromising the system via a buffer overflow, password attack, or social engineering
- The rootkit then allows the hacker to get back onto the system with root-level privilege
- Rootkits are a comparatively recent phenomenon
- Developed by hackers to conceal their activities
- One method is to replace existing system binaries with versions that continue to function as normal but also give the hacker back-door access
- Can be developed by a skilled hacker with programming expertise
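As an added example (not part of the slides), here is how a defender checks for the two symptoms listed above: a system binary that has been replaced, and a running process whose name merely approximates a real program. The baseline hashes, file contents and process names are constructed sample values, and the similarity threshold is an assumed tuning knob.

```python
import hashlib
from difflib import SequenceMatcher

# Constructed baseline: SHA-256 of trusted binaries, recorded at install time.
# On a real host this comes from the package manager or a read-only manifest,
# never from the possibly compromised system itself.
BASELINE = {
    "/bin/ls": hashlib.sha256(b"trusted ls").hexdigest(),
    "/bin/ps": hashlib.sha256(b"trusted ps").hexdigest(),
    "/bin/netstat": hashlib.sha256(b"trusted netstat").hexdigest(),
}

# Names of legitimate programs we expect to see running (constructed list).
KNOWN_PROGRAMS = ("ls", "ps", "netstat", "sshd", "cron", "init", "bash")


def check_binaries(current_contents):
    """Return paths whose current bytes no longer hash to the baseline value.

    current_contents maps path -> bytes read from disk; a missing path is also
    reported, since a deleted tool is as suspicious as a replaced one.
    """
    replaced = []
    for path, expected in BASELINE.items():
        data = current_contents.get(path)
        if data is None or hashlib.sha256(data).hexdigest() != expected:
            replaced.append(path)
    return replaced


def lookalike_names(process_names, threshold=0.8):
    """Return (name, resembles) pairs for process names that are not a known
    program but are close enough in spelling to be mistaken for one."""
    hits = []
    for name in process_names:
        if name in KNOWN_PROGRAMS:
            continue  # exact match: legitimate name, nothing to flag
        for known in KNOWN_PROGRAMS:
            if SequenceMatcher(None, name, known).ratio() >= threshold:
                hits.append((name, known))
                break
    return hits
```

Run both checks from a trusted boot medium or with a baseline fetched from an external store, because a rootkit that replaced `ps` or `ls` can also lie to a scanner that trusts the live system.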