Threats move beyond Linux to Windows
Hackers can obtain user-level security privileges and install a rootkit, which is basically a collection of tools, to compromise a system or network. The rootkit will exploit a known system vulnerability or crack a password for a user with administrator-level privileges and will then cover the hackerís tracks, making them difficult to detect. The best way to protect your network against rootkits is to know how they work and what type of damage they can do.
One of the primary purposes of a rootkit is to allow an attacker unfettered and undetected access to a compromised system at some point in the future. One way that a rootkit can do this is by installing a backdoor process or by replacing one or more of the files that run the normal connection processes, such as telnet or ssh. Within the Linux platforms, most rootkits also replace some system commands such as ls, ps, netstat, and who.
[ Read more ]