Analysis of a newly discovered rootkit of moderate complexity. Interesting to see exactly how it works (particularly some of the bugs and more unusual ways of doing file I/O from the kernel...).
Also interesting for the inline code hooking, which I always thought was a pretty nifty tool for debugging (wonder if anyone knows of a nice Linux library for doing this kind of binary patching in a portable way).
[via LWN]