A rootkit is software designed to obtain, and above all to keep and conceal, privileged control (in Unix terms "root" access, in Windows terms "Administrator" access) of a computer system without the authorization of the system's legitimate owners. It usually does this by replacing or hooking system binaries and kernel components so that the intruder's files, processes and network connections stay hidden from the administrator.

chkrootkit is a shell script (with a few small C helpers) that looks for known "signatures", strings that identify a particular rootkit, in trojaned system binaries such as ls, ps, netstat and login.

If chkrootkit can't find a known signature inside a file, it can't automatically determine whether that file has been trojaned; an unknown or freshly modified rootkit will simply not be reported.

In that case the user can run chkrootkit in expert mode (the -x option). In this mode chkrootkit dumps suspicious strings found in the binary programs and leaves it to the analyst to judge whether they indicate a trojan.

For a description of all supported modes, please refer to the presentation slides.

Rootkits, Worms and LKMs detected
For an updated list of rootkits, worms and LKMs detected by chkrootkit please visit: http://www.chkrootkit.org/

Supported Systems

chkrootkit has been tested on: Linux 2.0.x, 2.2.x, 2.4.x and 2.6.x; FreeBSD 2.2.x, 3.x, 4.x and 5.x; OpenBSD 2.x, 3.x and 4.x; NetBSD 1.6.x; Solaris 2.5.1, 2.6, 8.0 and 9.0; HP-UX 11; Tru64; BSDI; and Mac OS X.

You can download the malware dumps from the links provided.

The challenge is straightforward: run the latest version of the tool against the samples and work out which of the malware (trojans, backdoors) it has signatures for, and which it misses.
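As an added example (not chkrootkit's own code and not part of the original challenge page), the following POSIX shell script mimics the three ideas above on constructed samples: signature matching the way chkrootkit does it, a rough analogue of expert mode (-x) that only dumps suspicious strings for the analyst to judge, and the detected/missed tally the challenge asks for across a directory of dumps. The signature table, the heuristic string patterns and the two sample files are all invented for illustration; none of them are real chkrootkit patterns or real malware.

```shell
#!/bin/sh
# Added example: a miniature, signature-based checker in the spirit of chkrootkit.
# Everything below (signatures, heuristics, samples) is constructed for illustration.

# Constructed signature table, one "name:string" per line. The real chkrootkit
# hard-codes its patterns inside the script; these two are hypothetical.
SIGS='evilkit:evilkit-v1
hidedir:/dev/.hide'

# check_file FILE
# Prints the name of every known signature found inside FILE (one per line),
# nothing if none matched. Always returns 0 so callers can use it under set -e.
check_file() {
    file=$1
    printf '%s\n' "$SIGS" | while IFS=: read -r name pat; do
        [ -n "$name" ] || continue
        # -a: treat the binary as text; -F: literal match, like chkrootkit's fixed strings
        if grep -a -q -F -- "$pat" "$file"; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# expert_strings FILE
# Rough analogue of "chkrootkit -x": dump printable strings of 4+ characters and
# keep only those matching a (hypothetical) list of tell-tale patterns. No verdict
# is given; a human decides, which is exactly the limitation described above.
expert_strings() {
    grep -a -o -E '[[:print:]]{4,}' "$1" \
        | grep -E -i 'LD_PRELOAD|/dev/\.|sniff|promisc' || true
}

# tally DIR
# Runs the signature check over every file in DIR and reports how many samples
# were detected by a known signature and how many were missed.
tally() {
    dir=$1; det=0; miss=0
    for f in "$dir"/*; do
        if [ -n "$(check_file "$f")" ]; then
            det=$((det + 1))
        else
            miss=$((miss + 1))
        fi
    done
    printf 'detected=%d missed=%d\n' "$det" "$miss"
}

# make_samples
# Creates a temporary directory with two constructed "binaries" and prints its path.
make_samples() {
    d=$(mktemp -d)
    # Constructed sample 1: a fake trojaned ls carrying a string from the signature table.
    printf 'ELF\000\001\002fake ls\000evilkit-v1\000/bin/sh\000' > "$d/trojan_ls"
    # Constructed sample 2: a fake trojan with no known signature, but with a
    # tell-tale string that expert mode would surface.
    printf 'ELF\000\001\002fake ps\000LD_PRELOAD=/lib/libhide.so\000' > "$d/unknown_ps"
    printf '%s\n' "$d"
}

# Stand-alone demonstration on the constructed samples.
demo_dir=$(make_samples)
for sample in "$demo_dir"/*; do
    printf '%s: signatures=[%s]\n' "$(basename "$sample")" "$(check_file "$sample" | tr '\n' ' ')"
    printf '  expert-mode strings: %s\n' "$(expert_strings "$sample" | tr '\n' ' ')"
done
tally "$demo_dir"
rm -rf "$demo_dir"
```

On the constructed samples the tally is detected=1 missed=1: trojan_ls is caught by a signature, unknown_ps is not, and only the expert-mode string dump shows anything odd about it. For the actual challenge, point the same idea at the downloaded dumps with the real tool (./chkrootkit, or ./chkrootkit -x for expert mode, run as root from the unpacked source tree). One caveat a practitioner should keep in mind: chkrootkit relies on external commands such as ls, ps and strings, and a rootkit may have trojaned those very binaries, so run it with known-good copies (the -p option takes a path to trusted external commands) or from a clean boot medium.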

You can find some additional information at: http://www.linuxclues.com/articles/22.htm

Links:

Malware Dumps are available on:

http://www.offensivecomputing.net/
http://contagiodump.blogspot.com/

You may want to try this one:

http://contagiodump.blogspot.com/2012/12/dec-2012-linuxchapro-trojan-apache.html 

References:

1. http://www.chkrootkit.org/
2. Linux Power Tools by Roderick W. Smith
