So Rootkit Hunter 1.0 was released. For those who don’t know what a rootkit is: it is usually an automated way of taking control of a computer, and it usually hides the intrusion. You usually see rootkits on UNIX / Linux / BSD systems, but the term could refer to any platform, I believe. The “root” part of rootkit refers to the root user on a UNIX box, who has full control of the system, and the “kit” part is because it’s like a kit that is all set up nicely for you with the tools needed to break into a system. So anyways… the reason I’m happy about this release is that I have a few minutes of fame in the Changelog. If you read it you’ll see…

- Added 'Dreams' (rootkit). Thanks to Joshua Levitsky

So it’s a happy day for me. I found this rootkit on a box at a company I do consulting for. It exploited a gzip buffer overflow. If you run a UNIX / Linux / BSD system, you should check out Rootkit Hunter, because it can quickly tell you if one of many known compromises has been installed on your system. While it can’t promise your system is clean, it can tell you if you have fallen victim to one of the known rootkits.
