Sidebar: A Simple Rootkit Example

Tuesday, 31 January 2006, 4:23 PM EST

An important element of a kernel rootkit is its ability to hide itself and cover up what is really going on. Here's one way that some rootkits do that. When a rootkit is installed, it replaces certain system calls and utilities with its own, modified versions of those routines.

For example, to hide the existence of a file, the rootkit must intercept all system calls that can carry a file name argument, such as open(), chdir() and unlink().

By Russell Kay at Computer World

[ Read more ]





Spotlight

Review: Logging and Log Management

Posted on 22 May 2013.  |  Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.


Daily digest

By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
  
Weekly newsletter

With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
  

 
DON'T
MISS
Thu, May 23rd
    COPYRIGHT 1998-2013 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //