Archive for the 'Linux' Category

New Linux Anti Rootkit Scanner released

Tuesday, February 20th, 2007

Tobias Klein, a German developer has released a new Rootkit Scanner for Linux.

The new scanner, called Rootkit Profiler LX or RKProfiler LX, will work on the following platforms:

- SUSE Linux Enterprise Server 10 (x86, 32-bit)
- SUSE Linux Enterprise Desktop 10 (x86, 32-bit)
- Ubuntu 6.10 Edgy Eft (x86, 32-bit)
- openSUSE 10.2 (x86, 32-bit)


Features:

Detection: RKProfiler LX checks the whole kernel code as well as various kernel data sections and CPU registers for possible modifications and hidden components:

- Generic kernel code modification
- Syscall table address modification
- Syscall address modification
- Syscall code modification
- Interrupt handler address modification
- Interrupt handler code modification
- Page Fault Handler modification
- Kernel symbol modification
- SYSENTER register modification
- Virtual File System function pointer modification
- Hidden processes and threads
- Hidden kernel modules
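The last two items on that list can be illustrated from user space. The script below is an added example written for this post; it is not RKProfiler LX's code and RKProfiler does its checks from inside the kernel. It assumes a Linux box with `/proc` and `/sys` mounted and uses two cross-views a defender can script: a module that was unlinked from the kernel's module list (and so vanishes from `/proc/modules`) usually still has its `/sys/module/<name>` directory, and a process unlinked from the task list (and so missing from `/proc`) still answers to `kill(pid, 0)`. The `initstate` heuristic for telling loaded modules from built-in ones, the sample `/proc/modules` text and the sample sysfs listing are all constructed here for the example.

```python
import os

# Constructed sample of /proc/modules (first column is the module name).
# The addresses are placeholders for the example, not real values.
SAMPLE_PROC_MODULES = """ext4 651264 1 - Live 0xffffffffc0a00000
jbd2 126976 1 ext4, Live 0xffffffffc09c0000
"""

# Constructed sample of /sys/module: name -> entries under /sys/module/<name>.
# Modules loaded with init_module() carry an 'initstate' file; built-in modules
# that only export parameters (like 'printk' here) do not, so they must not be
# reported as hidden. 'hidden_example' stands in for a module that was removed
# from the kernel's module list but left its sysfs directory behind.
SAMPLE_SYSFS_MODULES = {
    "ext4": {"initstate", "sections", "refcnt", "holders"},
    "jbd2": {"initstate", "sections", "refcnt", "holders"},
    "printk": {"parameters"},
    "hidden_example": {"initstate", "sections", "refcnt", "holders"},
}


def parse_proc_modules(text):
    """Return the set of module names listed in /proc/modules content."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def sysfs_loaded_modules(entries):
    """Return names from a /sys/module listing that were loaded at runtime."""
    return {name for name, sub in entries.items() if "initstate" in sub}


def hidden_modules(proc_modules_text, sysfs_entries):
    """Loaded modules visible in sysfs but absent from /proc/modules."""
    return sysfs_loaded_modules(sysfs_entries) - parse_proc_modules(proc_modules_text)


def hidden_pids(listed_pids, probe, max_pid):
    """PIDs that exist according to probe(pid) but are not listed in /proc.

    listed_pids: PIDs found by reading the /proc directory.
    probe: callable returning True if the PID exists (kill(pid, 0) on a live box).
    """
    return {pid for pid in range(1, max_pid + 1)
            if probe(pid) and pid not in listed_pids}


def live_probe(pid):
    """Ask the kernel whether a PID exists without sending a signal."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False
    except PermissionError:
        # The PID exists but belongs to another user; that still counts.
        return True


def scan_live_system():
    """Run both checks against the running kernel and return (modules, pids)."""
    with open("/proc/modules") as f:
        proc_text = f.read()
    sysfs = {name: set(os.listdir(os.path.join("/sys/module", name)))
             for name in os.listdir("/sys/module")}
    listed = {int(d) for d in os.listdir("/proc") if d.isdigit()}
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    candidates = hidden_pids(listed, live_probe, pid_max)
    # A process that started after /proc was listed is a race, not a rootkit:
    # keep only PIDs that are still absent from /proc when rechecked.
    confirmed = {p for p in candidates if not os.path.exists(f"/proc/{p}")}
    return hidden_modules(proc_text, sysfs), confirmed


if __name__ == "__main__":
    mods, pids = scan_live_system()
    print("modules hidden from /proc/modules:", sorted(mods) or "none")
    print("PIDs hidden from /proc:", sorted(pids) or "none")
```

Both checks are user-space approximations and a kernel-resident rootkit that also hooks `readdir` on sysfs or the `kill` syscall will defeat them, which is exactly why a scanner like RKProfiler LX inspects the syscall table and VFS function pointers themselves rather than trusting what the kernel reports. Run the script as root to avoid `PermissionError` noise, and expect the PID sweep to take a few seconds with a large `pid_max`.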

Tobias will also have a MacOS version available soon.

More information on Rootkit Profiler LX is available on trapkit.de.

Keep Safe,

regards

Steo

Linux Anti Rootkit - Zeppoo 0.0.4 released

Saturday, November 4th, 2006

The guys over at Zeppoo have released a new version of their Anti Rootkit Software Zeppoo.

This version is 0.0.4, and the new features in this version include support for Red Hat and Ubuntu via the -r option, along with AMD64 support. There are also lots of bug fixes thrown in for good measure.

For more details and download see http://www.antirootkit.com/software/Zeppoo.htm

Keep Safe Linux users,

regards
Steo
www.antirootkit.com

MOOD-NT - New Linux Kernel Rootkit released

Thursday, November 2nd, 2006

Mood-NT is a SucKIT2-like Linux kernel rootkit for 2.4.x/2.6.x kernels.

It can hide processes, files, connections (unix, raw and ipv6 too) and the promisc flag; it allows tty sniffing, exec redirection and exec parameter sniffing; and it has an internal private init script for starting whatever you want on boot.

It has a lot of anti-detector engines and a unique hardware-based hiding engine (through the debug registers) that makes it completely stealthy on x86 machines. If the kernel changes, it automatically reinstalls itself on boot.

Keep Safe,

regards
Steo
www.antirootkit.com