|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: InfoSec News (alerts
infosecnews.org)
Date: Wed Apr 15 2009 - 02:47:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=216500687
By Kelly Jackson Higgins
DarkReading
April 14, 2009
Kernel rootkits are tough enough to detect, but now a researcher has
demonstrated an even sneakier method of hacking Linux.
The attack attack exploits an oft-forgotten function in Linux versions
2.4 and above in order to quietly insert a rootkit into the operating
system kernel as a way to hide malware processes, hijack system calls,
and open remote backdoors into the machine, for instance. At Black Hat
Europe this week in Amsterdam, Anthony Lineberry, senior software
engineer for Flexilis, will demonstrate how to hack the Linux kernel by
exploiting the driver interface to physically addressable memory in
Linux, called /dev/mem.
"One of bonuses of this [approach] is that most kernel module rootkits
make a lot noise when they are inserting [the code]. This one is
directly manipulating" the memory, so it's less noticeable, he says.
The /dev/mem "device" can be opened like a file, and you can read and
write to it like a text file, Lineberry says. It's normally used for
debugging the kernel, for instance.
[...]
_______________________________________________
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]