Hi all,
Could somebody with better knowledge of Linux kernel enlighten me what
will happen if attacker tries to install an adore-based kit (or other LKM
kit) on a box already trojaned with LKM? I suppose new adore will take
control from previous adore since it will remap kernel calls elsewhere,
right? Or am I gravely confused here? ;-)
Any way to make sure my adore stays put? I looked at what StJude module
is doing and it looks promising, but maybe something else can help?
Thanks a lot for any response.
Best,
--
Anton A. Chuvakin, Ph.D.
http://www.chuvakin.org
http://www.info-secure.org
