Hidden under the hood - Linux backdoors

Sami Rautiainen F-Secure Corporation

During the past year there has been no global outbreaks of Linux worms or viruses, so for a bystander it might look as if life has been relatively easy for Linux users when it comes to malware.

However, the reality is something completely different. While we haven't seen automated attacks using worms, intrusions into Linux systems are anything but part of the past. Intruders often use semi-automated attacks to penetrate the system. A good sign that one's machine has been compromised is a presence of a backdoor - if it is ever detected.

Linux backdoors include sophisticated methods to hide themselves from the user of the machine, using anything from replaced system binaries to a kernel module.

This paper examines types of different backdoors for Linux, how they are hidden in the system and discusses different methods of detecting the presence of a backdoor.

 del.icio.us  digg this! digg this

Quick Links

Poll
The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Yes
No
I don't know
Leave a comment
View 11 comments

99 Subscription Promo

Malware Prevalence
Autorun |#######|
Encrypted/Obfuscated |#####|
Heuristic/generic |#####|
Sality |####|
Zbot |####|
 View this month's full report

Virus Bulletin currently has 224,243 registered users.