Hunting for Rootkits
Posted Mar 1, 2007 12:30 UTC (Thu) by MathFox
In reply to: Hunting for Rootkits
Parent article: Hunting for Rootkits
One could create two similar files that hashed to the same digest value. It is possible to hide them in binaries (executables and libraries); they stand out in text files.
Getting one of those patters into a Linux system requires a compromise of the distribution site; but when you do that it's far easier to upload a simple trojan horse.
to post comments)