A rootkit is a program designed to take fundamental control (in Unix terms "root" access, in Windows terms "Administrator" access) of a computer system, without authorization by the system's legitimate owners.
chkrootkit looks for known "signatures" in trojaned system binaries.
If chkrootkit can't find a known signature inside a file, it can't automatically determine if it has been trojaned.
The user can try to run chkrootkit in expert mode (-x option) -- in this mode the user can examine suspicious strings in the binary programs that may indicate a trojan.
For a description of all supported modes, please refer to the presentation slides.
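The signature check and its blind spot described above, as an added Python sketch (not chkrootkit's own code). The signature patterns, sample bytes and function names are all constructed for illustration; the manual-review helper only models the idea of inspecting strings by hand.

```python
import re

# Constructed signature table (binary name -> pattern over its strings).
# Placeholders only, not chkrootkit's real signatures.
SIGNATURES = {
    "ls": re.compile(rb"EXAMPLE_TROJAN_MARK|/dev/example_hide"),
    "ps": re.compile(rb"EXAMPLE_PS_MARK"),
}

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII, the way strings(1) does."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def check_binary(name: str, data: bytes) -> str:
    """Signature check: the verdict is only as good as the table."""
    sig = SIGNATURES.get(name)
    if sig is None:
        return "not tested"          # no signature exists for this binary
    hit = any(sig.search(s) for s in extract_strings(data))
    return "INFECTED" if hit else "not infected"

def expert_view(data: bytes) -> list:
    """Manual-review aid: path-like strings an analyst would read."""
    return [s.decode() for s in extract_strings(data) if b"/" in s]

# Constructed sample "binaries": header bytes plus NUL-separated strings.
CLEAN = b"\x7fELF\x02\x01\x00\x00\x00/usr/share/locale\x00--color\x00"
KNOWN = CLEAN + b"\x00EXAMPLE_TROJAN_MARK\x00"   # matches the table
UNKNOWN = CLEAN + b"\x00/dev/.hidden_cfg\x00"    # trojaned, no signature

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("known", KNOWN),
                        ("unknown", UNKNOWN)):
        print(label, "->", check_binary("ls", blob))
    # The unknown sample passes the automatic check; only reading the
    # strings by hand exposes the odd path under /dev.
    print("manual review:", expert_view(UNKNOWN))
```

A "not infected" verdict here means only that no listed pattern matched, which is why the unexpected `/dev` path shows up in the string listing but not in the automatic result.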
Rootkits, Worms and LKMs detected
For an updated list of rootkits, worms and LKMs detected by chkrootkit please visit: http://www.chkrootkit.org/
chkrootkit has been tested on: Linux 2.0.x, 2.2.x, 2.4.x and 2.6.x, FreeBSD 2.2.x, 3.x, 4.x and 5.x, OpenBSD 2.x, 3.x and 4.x, NetBSD 1.6.x, Solaris 2.5.1, 2.6, 8.0 and 9.0, HP-UX 11, Tru64, BSDI and Mac OS X.
You can download the malware dumps from the links provided.
The challenge is pretty much straightforward: you must run the latest version of the tool to check which malware (Trojans, viruses) have made it into the database and which have not.
You can find some additional information at: http://www.linuxclues.com/articles/22.htm
Malware Dumps are available on:
You may want to try this one: