With Linux, Even Rootkits Are Open Source
Linux has traditionally been regarded as significantly more secure than other common platforms, and in particular the Windows line. Part of the security equation has been the lack of large numbers of malware applications, along with the difficulty of deploying those applications covertly. That may well have changed last Thursday, however, as a commercial "penetration testing" firm released what may be the most difficult to detect Linux rootkit to date — under an open source license.
The company in question — Immunity, Inc. — released the rootkit branded "Debug Register" under the GPL Version 2, as part of its Canvas toolkit for security professionals. The rootkit operates differently than previous examples, eschewing the more traditional system call attack in favor of cloaking itself as a kernel debugger. According to reports, the rootkit utilizes debugging mechanisms within Intel chip architecture — potentially meaning vendors like AMD are immune. Regardless, every Linux user will now have to be on the lookout, as the availability of a pre-packaged — and open source — Linux rootkit means that, in the words of one security researcher, "the gap between a script kiddie and a hacker just got a little smaller."
Immunity, which is offering — of all things — commercial support for Debug Register, will no doubt find itself on the receiving end of a great deal of discussion — some, we suspect, less than civil — of the cost/benefit involved in the release. Whatever is said, the one thing that can't be changed is the reality that easy, pre-packaged Linux malware is now in the hands of every hacker from here to Helsinki and back.
Justin Ryan is a Contributing Editor for Linux Journal.
|Huge Package Overhaul for Debian and Ubuntu||Jul 23, 2015|
|diff -u: What's New in Kernel Development||Jul 22, 2015|
|Shashlik - a Tasty New Android Simulator||Jul 21, 2015|
|Embed Linux in Monitoring and Control Systems||Jul 20, 2015|
|The Controversy Behind Canonical's Intellectual Property Policy||Jul 17, 2015|
|Non-Linux FOSS: Portable Apps, in the Cloud!||Jul 15, 2015|
- Huge Package Overhaul for Debian and Ubuntu
- Shashlik - a Tasty New Android Simulator
- diff -u: What's New in Kernel Development
- The Controversy Behind Canonical's Intellectual Property Policy
- Home Automation with Raspberry Pi
- Embed Linux in Monitoring and Control Systems
- Purism Librem 13 Review
- One Port to Rule Them All!
- Privacy Is Personal
- General Relativity in Python