New 64-bit Linux Rootkit Doing iFrame Injections

[K_Mikhail 807]

https://www.securelist.com/en/blog/20819393...rame_Injections

[Aleksandra 10]

http://blog.crowdstrike.com/2012/11/http-i...ux-rootkit.html

Comments:

You didn’t mention *any* form of infection. Apparently it is just an application you manually have to start as root, which then hooks itself into the system like a rootkit.

Without infection mechanism, it’s not a rootkit. Let alone dangerous.

If somebody has root access, it doesn’t matter if he installs some lame rootkit. He already has full access! It’s already too late!

and...

How was the kernel-module inserted ? No word about that !

You can't insert a kernel-module if you are not ROOT !

О_о

there is one way i know you can upload this kind of rootkit

1) Your network or machine is infected and you have ftp accounts configured on your system it will sniff the passwords sends back to the person and then they connect to the ftp and put the stuff.

2) You have your server password sheet saved in your computer and they will get it

3) Your server is not patched and have some thing open and they can get a root shell

4) Your php is not configured properly and they get root access using a php shell

5) You have a lame password DUH