Information about the knark Rootkit

Knark is a kernel-based rootkit for Linux 2.2/2.4. It hide ports, files
and processes from the administrator. This rootkit is very powerfull
and had been used by "crackers" in a lot of compromised machines.

A complete analysis, done by Toby Miller, can be found on this link:
http://www.ossec.net/rootkits/studies/knark.txt

Knark README can be found here

Download: knark.tgz ca1ebe26ab1138ebe431751f526df817

Files to search:

• /dev/.pizda
• /dev/.pula
• /proc/knark
• */taskhack
• */rootme
• */nethide
• */hidef
• */ered

*All files with an "*" need to be search in all system
**If you have any more information, send to: mail1, or to mail2.




$RootCheck: knark.php ,v 1.0 2003/10/17, Daniel B. Cid$