Hunting for Rootkits
Posted Mar 1, 2007 8:38 UTC (Thu) by NAR (subscriber, #1313)
Parent article: Hunting for Rootkits
These programs keep a record of each file in the system (using a digest like MD5 or SHA-1) and can alert the administrator when one of them changes.
A couple of years ago there was an article about a method that could generate a PDF file with different content but with the same MD5 digest value. Is that method applicable to config files, shell scripts and binary executables too? After all, config files and shell scripts can have comments where the necessary binary string can be inserted to fool the MD5 digest.
Bye, NAR
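
The integrity check quoted above, sketched as an added example (not part of the comment or the parent article): each file is recorded with a SHA-256 digest next to MD5, so two contents that share an MD5 value are still reported as a change. The file names and sample contents are constructed, and the function names are illustrative.

```python
import hashlib
import os
import tempfile

def fingerprint(path, chunk=65536):
    """Return MD5 and SHA-256 digests of a file, computed in one pass."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def build_baseline(paths):
    return {p: fingerprint(p) for p in paths}

def classify(recorded, current):
    """Compare a baseline entry with a fresh fingerprint (None if file is gone)."""
    if current is None:
        return "missing"
    if recorded["sha256"] == current["sha256"]:
        return "unchanged"
    if recorded["md5"] == current["md5"]:
        # MD5 agrees although the content differs: an MD5-only baseline misses this
        return "changed-md5-collision"
    return "changed"

def verify(baseline):
    report = {}
    for path, recorded in baseline.items():
        current = fingerprint(path) if os.path.isfile(path) else None
        report[path] = classify(recorded, current)
    return report

def demo():
    """Constructed sample files: one left alone, one edited, one deleted."""
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in ("app.conf", "backup.sh", "tool.bin")}
        for name, p in paths.items():
            with open(p, "wb") as fh:
                fh.write(b"# sample content for " + name.encode() + b"\n")
        baseline = build_baseline(paths.values())
        with open(paths["backup.sh"], "ab") as fh:
            fh.write(b"# appended comment\n")  # simulated edit to a script
        os.remove(paths["tool.bin"])
        report = verify(baseline)
        return {name: report[p] for name, p in paths.items()}

if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where the monitored host cannot rewrite it, otherwise the comparison proves nothing.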