btw what is this rootkit thingy? how is it been installed into the box? does the attacker gain root access then install it or thru some buffer overrun vul?