March 26th, 2002, 01:30 AM
Malicious Kernel Modules
I've been doing some research on malicious kernel modules, and I was wondering if anyone had heard of any work on them recently. Just for the record, I've already searched Google, but everything I found there was quite old. I should also point out that I am finding out how to find and remove kernel modules, not write them. The most popular thing I've run across is kstat, but it was written during the RedHat 6.2 era and as best I can tell, it hasn't been touched since. Anyone know of anything newer? Thanks.
March 26th, 2002, 03:28 AM
What are you looking for? I've written some LKMs that can be quite fun.
March 26th, 2002, 01:07 PM
My ultimate goal is to learn about how to find hidden LKMs. So I guess I'm basically interested in everything related to them. I obviously need to understand how they work, so that I can find them. I've written a few of my own LKMs that hide themselves in different ways, and then I sat down and wrote a detector program that would still be able to find them. So far, I've always been able to come up with a way to find them, but it's too easy because I was the one that wrote them - I know exactly what their limitations are. So I just wanted to learn more about the entire field so that I could write better LKMs, and in turn, better detectors.