topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday April 18, 2024, 12:47 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

« previous next »
Pages: [1] • bottom

Author Topic: Immunity Releases Open Source Linux Rootkit  (Read 3061 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Immunity Releases Open Source Linux Rootkit
« on: September 05, 2008, 05:13 PM »
Immunity Inc. has released an open source Linux rootkit which uses Intel's debugging mechanisms to hide.

Screenshot - 6_09_2008 , 8_12_11 AM_thumb.png


The art of burying invisible malware deep inside a Linux machine is about to go mainstream, thanks to a new open-source rootkit released Thursday by Immunity Inc., a firm that supplies tools for penetration testers.

When implemented, Immunity's DR, or Debug Register, makes backdoors and other types of malware extremely difficult to detect or eradicate. It's notable because it cloaks itself by burrowing deep inside a server's processor and availing itself of debugging mechanisms available in Intel's chip architecture. The rootkit, in other words, mimics a kernel debugger.
Personal note: Go do something useful and go fix that python-olly-frankenstein you're always raving about.

Full Story

Ehtyar.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Immunity Releases Open Source Linux Rootkit
« Reply #1 on: September 06, 2008, 07:37 AM »
Cute stuff.

But it still needs to hook INT1 and possibly INT3, which would make it rather trivial to detect anyway.
- carpe noctem
Pages: [1] • top
« previous next »