rootkit question.

Discussion in 'other anti-malware software' started by iceni60, Mar 29, 2007.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, is it possible to hide the presents of a rootkit from a file integrity checker in this situation, where two computers are being used (computer A and computer B) -

    1, computer A runs the file integrity checker against computer B and the database is stored on a separate media

    2, a rootkit is installed on computer B

    3, computer A re-runs the file integrity checker with the database it made during the first scan.

    should the rootkit be picked up by the file integrity checker, or are there RKs that can hide its files from the file integrity checker?[SIZE=-1]
    [/SIZE]
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,

    The answer is: maybe.

    If the B computer OS is running, then the files might be hidden.
    The best way for such an inspection is:

    - With OS running
    - With OS turned off - from boot CD / alternative OS

    Be aware that you WILL find a difference; some files might be hidden from the user during the normal operation of the OS - hence not all files that show up as the delta would / could belong to the rootkit.

    Mrk
     
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Is it possible for Linux to get a rootkit?? That is Linux you have right?
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,
    Rootkit is not a bad word.
    Everything is possible on every OS. Almost everything. You can install software that you think is legit and turns out to be not. It could also use system calls to disguise itself. Possible, doable. All in the hands of a user.
    Mrk
     
  5. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    ok, thanks. i might try it out and see how it goes if i have the time and right software.

    cheater, you've heard of root while using linux/unix haven't you? well rootkits were first used on unix based OSes, that's how they got their name - software kits that gain root privileges and hide themselves in various ways from the OS they are on.
     
Loading...
Similar Threads
  1. majorpain
    Replies:
    21
    Views:
    1,475
Thread Status:
Not open for further replies.