Attackers often install a rootkit to hide the intrusion and continue malicious activities in a stealthy manner. Rootkits are very difficult to detect and remove. A rootkit is a collection of programs that can give administrator-level access to a computer to the attackers. After infecting the system, the malware changes important system files so that standard anti-malware programs cannot detect it. As even the system files cannot be relied on, it becomes quite challenging to detect a rootkit and one needs specialized anti-malware programs to detect rootkits.
chkrootkit is a tool that is developed for detecting rootkits. While scanning a system with chkrootkit, it monitors the system files for signs of well-known rootkits and reports accordingly.
In this article, we would know :
-
How to install chkrootkit?
-
How to check whether a network interface is in promiscuous mode?
-
How to scan a system with chkrootkit?
-
How to run a test?
-
How to provide an alternate path to chkrootkit?
-
How to scan a mounted disk?
-
How to examine suspicious strings in a binary program?
0 Comments