Tobias Klein, a German developer, has released a new rootkit scanner for Linux.
The new scanner, called Rootkit Profiler LX or RKProfiler LX, will work on the following platforms:
- SUSE Linux Enterprise Server 10 (x86, 32-bit)
- SUSE Linux Enterprise Desktop 10 (x86, 32-bit)
- Ubuntu 6.10 Edgy Eft (x86, 32-bit)
- openSUSE 10.2 (x86, 32-bit)
Features:
Detection: RKProfiler LX checks the whole kernel code, as well as different kernel data sections and CPU registers, for possible modifications and hidden components:
- Generic kernel code modification
- Syscall table address modification
- Syscall address modification
- Syscall code modification
- Interrupt handler address modification
- Interrupt handler code modification
- Page Fault Handler modification
- Kernel symbol modification
- SYSENTER register modification
- Virtual File System function pointer modification
- Hidden processes and threads
- Hidden kernel modules
Tobias will also have a MacOS version available soon.
More information on Rootkit Profiler LX is available on trapkit.de.
Keep Safe,
regards
Steo