Implementing Kernel-Level Rootkits
• The easiest way to modify the kernel is to use the operating system's Loadable Kernel Module (LKM) capability to extend it
• To install the Knark RootKit on Linux, type "insmod knark.o"; no reboot is required
• Adore LKM RootKit for Linux
• Plasmoid LKM RootKit for Solaris
  – http://www.infowar.co.uk/thc/slkm-1.0html
• Kernel-level RootKit for Windows NT
  – http://www.rootkit.com
  – A kernel patch, not an LKM
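Because an LKM rootkit on Linux is loaded with a single insmod and no reboot, a defender's first checks are whether runtime module loading is still permitted and whether the kernel's two views of loaded modules agree. The following is an added example, not code from the original slides or from any of the rootkits named; it assumes a modern Linux kernel with sysfs, and the sample module names are constructed.

```python
import os

def parse_proc_modules(text):
    """Parse /proc/modules lines: name size refcnt deps state address [taint]."""
    mods = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        taint = f[6].strip("()") if len(f) > 6 else ""
        mods[f[0]] = {"state": f[4], "taint": taint}
    return mods

def cross_view(proc_text, sysfs_loadable):
    """Return (hidden, flagged).
    hidden : loadable modules visible in sysfs but absent from /proc/modules
    flagged: listed modules tainted O (out-of-tree) or E (unsigned)"""
    listed = parse_proc_modules(proc_text)
    hidden = sorted(set(sysfs_loadable) - set(listed))
    flagged = sorted(n for n, m in listed.items() if set(m["taint"]) & {"O", "E"})
    return hidden, flagged

def sysfs_loadable_modules(root="/sys/module"):
    # Loadable modules expose an 'initstate' file; built-in ones do not.
    return [n for n in os.listdir(root)
            if os.path.exists(os.path.join(root, n, "initstate"))]

def modules_disabled(path="/proc/sys/kernel/modules_disabled"):
    # "1" means no further modules can be loaded until the next reboot.
    with open(path) as fh:
        return fh.read().strip() == "1"

# Constructed sample data (not taken from a real host).
SAMPLE_PROC = """\
ext4 1003520 1 - Live 0x0000000000000000
mbcache 16384 1 ext4, Live 0x0000000000000000
example_oot 20480 0 - Live 0x0000000000000000 (OE)
"""
SAMPLE_SYSFS = ["ext4", "mbcache", "example_oot", "example_hidden"]

if __name__ == "__main__":
    if os.path.exists("/proc/modules") and os.path.isdir("/sys/module"):
        with open("/proc/modules") as fh:
            hidden, flagged = cross_view(fh.read(), sysfs_loadable_modules())
        print("module loading disabled:", modules_disabled())
    else:
        hidden, flagged = cross_view(SAMPLE_PROC, SAMPLE_SYSFS)
    print("in sysfs but not in /proc/modules:", hidden)
    print("out-of-tree or unsigned:", flagged)
```

A clean result is not proof of a clean kernel: code already running in the kernel can alter both views, and a module loaded between the two reads can produce a false mismatch.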