- The rootkit can hook the `kill()` syscall, network-related functions,
   and file listing operations in order to hide its activities and evade
   detection.

This should theoretically change the hash of the "kill" command, leading to
detection as a generic rootkit.  The link you shared shows that this
rootkit is a kernel module.  Rkhunter does not check kernel modules by
default but this would be a great feature.

Thank you,

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.
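One way to cover the gap Michael describes (kernel modules going unchecked) is a small cross-view check between the module list the kernel reports and the sysfs entries it keeps. This is an added example for the thread, not rkhunter's own code, and it assumes (not stated on the page) that a module which unlinks itself from the module list usually still leaves its `/sys/module/<name>` directory behind; both paths are parameters so it can run against captured copies as well as the live system.

```shell
#!/bin/sh
# Added example (not rkhunter's code): report modules that appear under a
# /sys/module style directory but are missing from a /proc/modules style
# listing. Assumption: a self-hiding module drops out of the list while its
# sysfs directory remains, so the two views disagree.
#   $1 = path to a /proc/modules style file
#   $2 = path to a /sys/module style directory
hidden_modules() {
    proc_file=$1
    sys_dir=$2
    for d in "$sys_dir"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        # Only loaded (loadable) modules carry an "initstate" file; built-in
        # and parameter-only entries do not, so skip those.
        [ -f "$d/initstate" ] || continue
        if ! awk '{print $1}' "$proc_file" | grep -qx "$name"; then
            echo "$name"
        fi
    done
}

# Constructed sample data: two modules visible in both views, one module
# present only in sysfs, and one built-in style entry with no initstate.
demo() {
    tmp=$(mktemp -d)
    printf 'ext4 933888 1 - Live 0x0000000000000000\n' > "$tmp/modules"
    printf 'xfs 1794048 0 - Live 0x0000000000000000\n' >> "$tmp/modules"
    for m in ext4 xfs hidden_mod; do
        mkdir -p "$tmp/sys_module/$m"
        echo live > "$tmp/sys_module/$m/initstate"
    done
    mkdir -p "$tmp/sys_module/builtin_only"
    hidden_modules "$tmp/modules" "$tmp/sys_module"
    rm -rf "$tmp"
}
```

On a live host the same check is `hidden_modules /proc/modules /sys/module`; any name it prints deserves a closer look, and an empty result only means the two views agree, not that nothing is loaded.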


On Sun, Dec 10, 2023 at 3:23 PM Brent Clark <brentgclarkl...@gmail.com>
wrote:

> Good day Guys
>
> I came across this
>
>
> https://arstechnica.com/security/2023/12/stealthy-linux-rootkit-found-in-the-wild-after-going-undetected-for-2-years/
>
> Can rkhunter detect / scan for
>
>      Diamorphine
>      Suterusu
>      Rooty
>
> Regards
> Brent
>
>
>
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
>