Bug#498024: RFP: dr-rootkit -- IA32 Debug Register based rootkit
Package: wnpp
Severity: wishlist

Package name : dr-rootkit
Version : 0.1 (according to README)
Upstream Author : Bas Alberts <bas.alberts@immunityinc.com>, Daniel Palacio
URL : http://www.immunityinc.com/resources-freesoftware.shtml
License : GPL2 (with Linus T. remark like the kernel)
Programming Lang: C
Description : IA32 Debug Register based rootkit
Architecture : i386 (i686)

Will Debian be the first Linux distro shipping their own rootkit?

DR features a reference implementation of an IA32 debug register based
rootkit hooking engine. It does not modify IDT or syscall_table at all
but still provides transparent syscall hooking on IA32 Linux 2.6.

How to detect the rootkit? As easy as "dpkg -l dr-rootkit".
No need for chkrootkit, rkhunter, or unhide.