With Linux, Even Rootkits Are Open Source
Linux has traditionally been regarded as significantly more secure than other common platforms, and in particular the Windows line. Part of the security equation has been the lack of large numbers of malware applications, along with the difficulty of deploying those applications covertly. That may well have changed last Thursday, however, as a commercial "penetration testing" firm released what may be the most difficult to detect Linux rootkit to date — under an open source license.
The company in question — Immunity, Inc. — released the rootkit branded "Debug Register" under the GPL Version 2, as part of its Canvas toolkit for security professionals. The rootkit operates differently than previous examples, eschewing the more traditional system call attack in favor of cloaking itself as a kernel debugger. According to reports, the rootkit utilizes debugging mechanisms within Intel chip architecture — potentially meaning vendors like AMD are immune. Regardless, every Linux user will now have to be on the lookout, as the availability of a pre-packaged — and open source — Linux rootkit means that, in the words of one security researcher, "the gap between a script kiddie and a hacker just got a little smaller."
Immunity, which is offering — of all things — commercial support for Debug Register, will no doubt find itself on the receiving end of a great deal of discussion — some, we suspect, less than civil — of the cost/benefit involved in the release. Whatever is said, the one thing that can't be changed is the reality that easy, pre-packaged Linux malware is now in the hands of every hacker from here to Helsinki and back.
Justin Ryan is a Contributing Editor for Linux Journal.
Webinar: 8 Signs You’re Beyond Cron
On Demand NOW
Join Linux Journal and Pat Cameron, Director of Automation Technology at HelpSystems, as they discuss the eight primary advantages of moving beyond cron job scheduling. In this webinar, you’ll learn about integrating cron with an enterprise scheduler.View Now!
|Non-Linux FOSS: Vienna, Not Just for Sausages||Jun 02, 2015|
|June 2015 Issue of Linux Journal: Networking||Jun 01, 2015|
|June 2015 Video Preview||Jun 01, 2015|
|My Humble Little Game Collection||May 28, 2015|
|New Linux Based OS Brings Internet of Things Closer to Reality||May 27, 2015|
|Non-Linux FOSS: All the Bitcoin, None of the Bloat||May 26, 2015|
- Non-Linux FOSS: Vienna, Not Just for Sausages
- June 2015 Issue of Linux Journal: Networking
- New Linux Based OS Brings Internet of Things Closer to Reality
- Dr Hjkl on the Command Line
- Initializing and Managing Services in Linux: Past, Present and Future
- Using Hiera with Puppet
- My Humble Little Game Collection
- Gartner Dubs DivvyCloud Cool Cloud Management Vendor
- Infinite BusyBox with systemd
- Goodbye, Pi. Hello, C.H.I.P.