by fullspectrumdev 920 days ago
Most authors of kernel rootkits target a subset of versions and then give up or are stuck maintaining a codebase that is a mess of ifdefs for different versions.

At one of my old jobs we had a kernel rootkit we used on occasional red team exercises that ended up having forks for 2.6, a couple of forks for 3.x, and a couple more forks for 4.x - maintenance of that was an absolute nightmare and, frankly, not worth the effort in the long run, so it was not maintained into 5.x and was replaced with a few much simpler userland backdoors.

That’s why you will see malware such as the one in the article shipping with stuff cobbled together from several different rootkit projects to try to obtain some semblance of compatibility.