Linux Rootkits: Game on..seriously
Longboard
September 6th, 2008, 10:16 PM
This may raise a few curly questions.
Couple of sacred shibboleths about to be shattered?
:(
http://www.theregister.co.uk/2008/09/04/linux_rootkit_released/
http://www.immunityinc.com/resources-freesoftware.shtml
http://marc.info/?l=dailydave&m=122048165529738&w=2
Thread here
http://seclists.org/dailydave/2008/q3/0215.html
There is a thread at dslreports but site currently down after server failure
sigh why do I always feel like I'm drowning...:doubt:
Dogbiscuit
September 6th, 2008, 11:07 PM
{QUOTE-> Couple of sacred shibboleths about to be shattered? <-QUOTE}
Which shibboleths?
Longboard
September 7th, 2008, 03:14 AM
I'm asking :)
It is an ominous devt.
I am not expert in any way but reading around there is a thread running through it that means some basic evaluations and 'taken for granteds' might need some adjusting ?? (Still asking)
Prolly still needs 'root' to install.
chkrootkit, rkhunter might not see this
May only be a real risk to servers ??
Lots of other rk's already itw on linux.
The Reg might be a bit hyped here but the writer seems genuine and has some cred.
Some good comments here:
http://www.dslreports.com/forum/r21063115-Open-source-release-takes-Linux-rootkits-mainstream
lodore
September 7th, 2008, 09:11 AM
security issues happen on all OS's
with linux it's generally fixed faster due to the huge open source community
tlu
September 7th, 2008, 10:32 AM
First of all, there have been a couple of rootkits for U|Linux for many years.
But the question is: How would your machine become infected?
You need root privileges in order to install it. Thus, if a Linux user gets this rootkit as, e.g., an email attachment and installs it he must be a complete fool.
The other possibility is downloading and installing an app from some website. But why would you do this if virtually everything you'll ever need is contained in the official repositories?
In a nutshell: As long as the repositories of your distro are not manipulated you need not worry.
Mrkvonic
September 7th, 2008, 02:23 PM
I second the above ...
No different than getting infected ... in general. You execute, you let run ...
Mrk
wat0114
September 8th, 2008, 09:34 AM
{QUOTE->
In a nutshell: As long as the repositories of your distro are not manipulated you need not worry. <-QUOTE}
Makes sense to me :)
Longboard
September 9th, 2008, 05:39 AM
{QUOTE-> As long as the repositories of your distro are not manipulated you need not worry. <-QUOTE}
;)
http://www.google.com.my/search?q=fedora+repositories+breach
Old news now and not necessarily an issue eh..
tlu
September 10th, 2008, 07:55 AM
{QUOTE-> ;)
http://www.google.com.my/search?q=fedora+repositories+breach
Old news now and not necessarily an issue eh.. <-QUOTE}
Yes, I had read about that here (http://www.heise-online.co.uk/news/Fedora-and-Red-Hat-servers-broken-into--/111379). That's a serious issue that doesn't nullify what I said above, though. I'm sure that the Linux distributors learn from this intrusion.
It's at least a warning against blindly including 3rd party repositories (because something is missing in the official repos etc.... blabla.). Who knows how well managed and secured these 3rd party repos are, after all.
Pedro
September 10th, 2008, 01:22 PM
The Fedora-Red Hat Crisis (http://itmanagement.earthweb.com/osrc/article.php/3770216/The+Fedora-Red+Hat+Crisis.htm) (Bruce Byfield)
Copyright ©2002 - 2009, Wilders Security Forums