Hidden under the hood - Linux backdoors

Sami Rautiainen F-Secure Corporation

During the past year there has been no global outbreaks of Linux worms or viruses, so for a bystander it might look as if life has been relatively easy for Linux users when it comes to malware.

However, the reality is something completely different. While we haven't seen automated attacks using worms, intrusions into Linux systems are anything but part of the past. Intruders often use semi-automated attacks to penetrate the system. A good sign that one's machine has been compromised is a presence of a backdoor - if it is ever detected.

Linux backdoors include sophisticated methods to hide themselves from the user of the machine, using anything from replaced system binaries to a kernel module.

This paper examines types of different backdoors for Linux, how they are hidden in the system and discusses different methods of detecting the presence of a backdoor.

Poll

Who in your company is responsible for installing software patches?
System administrators
End users
I don't know

Leave a comment
Jobs Recruit Sidebar

VB100 certification

VB100 The final VB100 of the year sees a double whammy of potential pitfalls for our comparative participants - the Vista operating system, which still seems shiny and new as well as a little scary (to both developers and users), as well as the x64 architecture, whose ostensible compatibility with standard 32-bit software belies oddities and intricacies that developers ignore at their peril. The announcement of the test brought a few surprises, as several regulars opted to skip this one, but the majority of veteran competitors took part as usual, along with several newer faces, many of whom look set to join the ranks of our regulars.
See full results.
Virus Bulletin currently has 148,281 registered users.