New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using "Magic Packets"

A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild. It cloaks a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet.

"The Syslogk rootkit is heavily based on Adore-Ng but incorporates new functionalities making the user-mode application and the kernel rootkit hard to detect," Avast security researchers David Álvarez and Jan Neduchal said in a report published Monday.

Adore-Ng, an open-source rootkit available since 2004, equips the attacker with full control over a compromised system. It also facilitates hiding processes as well as custom malicious artifacts, files, and even the kernel module, making it harder to detect.
