March 28th, 2003, 12:37 PM
The paper is from iDefense and gives a pretty good description of the different types of rootkits and how they work.
Rootkits, as we know them now, came into being sometime in the mid 1990s. At that time, Sun operating system UNIX system administrators started seeing strange server behavior, missing disk space, CPU cycles and network connections that strangely did not show up in the netstat command. By implementation technology, three main classes of Rootkits are available today: binary kits, kernel kits and library kits. The first class achieves its goal by replacing certain system files with their Trojan counterparts. The second uses kernel components (also called modules) or Trojans, and the third employs system library Trojans. Rootkits found in the wild (such as captured on Honeypots), often combine Trojaned binaries with higher "security" provided by the kernel and library components.
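The netstat-hiding behaviour the quoted passage describes is the classic symptom of a binary kit, and it can be caught by comparing the kernel's own connection table with what the (possibly Trojaned) netstat binary prints. This is an added example for a Linux host, not code from the iDefense paper or from anyone in this thread; the /proc/net/tcp and netstat samples below are constructed.

```python
# Added example: cross-view detection of TCP connections that a Trojaned
# netstat hides. The kernel's /proc/net/tcp (Linux) is the ground truth;
# anything there that netstat does not report is suspicious.
import re

def _hex_to_endpoint(hexaddr):
    """Convert '0500000A:0016' (/proc/net/tcp format) to '10.0.0.5:22'.
    The address is a 32-bit value in host (little-endian) order, so the
    hex bytes are reversed to recover the dotted quad."""
    addr_hex, port_hex = hexaddr.split(":")
    octets = [int(addr_hex[i:i + 2], 16) for i in (6, 4, 2, 0)]
    return "%s:%d" % (".".join(str(o) for o in octets), int(port_hex, 16))

def parse_proc_net_tcp(text):
    """Return {(local, remote)} for ESTABLISHED sockets; header skipped."""
    conns = set()
    for line in text.strip().splitlines()[1:]:
        fields = line.split()
        local, remote, state = fields[1], fields[2], fields[3]
        if state == "01":  # 01 = TCP_ESTABLISHED in /proc/net/tcp
            conns.add((_hex_to_endpoint(local), _hex_to_endpoint(remote)))
    return conns

def parse_netstat(text):
    """Return {(local, remote)} from 'netstat -tn' style output."""
    pat = re.compile(r"tcp\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED")
    conns = set()
    for m in pat.finditer(text):
        conns.add(("%s:%s" % m.group(1, 2), "%s:%s" % m.group(3, 4)))
    return conns

def hidden_connections(proc_text, netstat_text):
    """Connections the kernel knows about but netstat did not show."""
    return parse_proc_net_tcp(proc_text) - parse_netstat(netstat_text)

# Constructed sample: kernel sees an SSH session plus a connection to
# 203.0.113.9:6667 (TEST-NET-3 address), the Trojaned netstat omits it.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   1: 0500000A:0016 1401A8C0:C822 01 00000000:00000000 00:00000000 00000000     0        0 1002 1 0 100 0 0 10 0
   2: 0500000A:040D 097100CB:1A0B 01 00000000:00000000 00:00000000 00000000     0        0 1003 1 0 100 0 0 10 0
"""
NETSTAT_OUT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             192.168.1.20:51234      ESTABLISHED
"""

if __name__ == "__main__":
    for local, remote in sorted(hidden_connections(PROC_NET_TCP, NETSTAT_OUT)):
        print("HIDDEN: %s -> %s" % (local, remote))
```

On a live host the same comparison runs against the real /proc/net/tcp and netstat output; a binary kit that also patches the kernel view (a kernel kit) will not be caught this way, which is why the paper treats the classes separately.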
March 28th, 2003, 03:29 PM
Don't know why you got negged, just finished reading the paper, good read, thanks.
Every now and then, one of you won't annoy me.
March 28th, 2003, 03:32 PM
I got negged for bumping the message up without cause. I am not sure who negged me though. It was purely accidental- mouse was pointing at the wrong spot when I accidentally clicked the button. I didn't even know what the Bump Up button did.
Antipoints come and antipoints go- c'est la vie!
March 28th, 2003, 04:08 PM
nice read, thanx
yeah, I'm gonna need that by friday...
March 28th, 2003, 07:18 PM
Excellent.........that is why I come to this site.
Share the knowledge
March 29th, 2003, 05:56 AM
Very useful and informative paper, thanks for the post.