Kernel-Level RootKits (cont.)
¨File Hiding
–Attacker can hide specific
subdirectories and files
¨Process Hiding
–Attacker can be running Netcat listener
but the kernel will not report its existence to ps
¨Network Hiding
–Attacker can tell kernel to lie to
netstat about network port being used by a backdoor program