Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


Closed Thread
  Search this Thread
Old 11-30-2012, 11:30 AM   #1
LQ Newbie
Registered: Nov 2003
Posts: 7

Rep: Reputation: 0
simple rootkits for vmi detection demonstration (kernel version 2.6.32-5)

I should give a small talk in a VM course about virtual machine introspection.
I would like to give a simple demonstration as well, by finding a simple rootkit with vdi which hides from ps/top/netstat within the infected machine.
So, here comes my problem: I seem to be unable to infect my debian test machine due to all available rootkits being for lower kernel versions and downgrading the kernel is somewhat of a dependency nightmare.

Are there any simple rootkits that hide from ps/top/netstat without being too focused on a certain kernel version? The rootkit does not have to be undetectable by normal security meassures. It should just not show up on ps/top/netstat. (And obviously I have root access on the infected machine.)
I tried KBeast which seems to be suitable for 2.6.32, but it fails to build probably due to 2.6.32-5 kernel headers.

Note that it is no problem if the rootkit only works for a specific distribution, since reinstalling the infected machine is quicker than to sort through source code.
Old 11-30-2012, 12:40 PM   #2
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
You'll be disappointed to know that regardless of the reason we do not consider this an appropriate topic for LQ.
Thread closed.

Last edited by unSpawn; 11-30-2012 at 12:41 PM.

Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
rootkit detection in two seconds (best presumptive test for rootkits?) raymor Linux - Security 4 02-23-2012 07:00 PM
LXer: HookSafe Protects Kernel from Rootkits LXer Syndicated Linux News 0 11-13-2009 07:20 PM
LXer: Linux Kernel to Add VMI LXer Syndicated Linux News 0 03-27-2007 06:46 PM
LXer: Beyond Rootkits: World's First Standalone Kernel Mode Bot? LXer Syndicated Linux News 0 04-07-2006 06:54 PM
Preventing kernel module (rootkits) from loading shubb Linux - Security 7 12-06-2005 08:48 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:53 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration