Hidden under the hood - Linux backdoors presented at Virus Bulletin 2002

by Sami Rautiainen (F-secure corporation),

Tags: Security

URL : http://www.virusbtn.com/conference/vb2002/abstracts/linux_backdoors.xml

Summary : "
During the past year there has been no global outbreaks of Linux worms
or viruses, so for a bystander it might look as if life has been
relatively easy for Linux users when it comes to malware.

However, the reality is something completely different. While we
haven't seen automated attacks using worms, intrusions into Linux
systems are anything but part of the past. Intruders often use
semi-automated attacks to penetrate the system. A good sign that one's
machine has been compromised is a presence of a backdoor - if it is
ever detected.

Linux backdoors include sophisticated methods to hide themselves from
the user of the machine, using anything from replaced system binaries
to a kernel module.

This paper examines types of different backdoors for Linux, how they
are hidden in the system and discusses different methods of detecting
the presence of a backdoor.