Chkrootkit LKM Trojan installed warning - What now?
Posted on: 12/15/2011 10:51 AM

Dedoimedo published an article explaining how to properly react to chkrootkit scanner warning messages about malware infections by understanding how the system works, correlating results, testing with different kernels, examining services, startup scripts and the shell login, and more.

First, a fact. There's no malware for Linux. Why? The primary reason is neither financial gain, nor interest, nor market share, nor the user skill, not even the security defaults built into the operating system. It is the simple fact that Linux code, while extremely highly portable, is in fact, not at all portable. The delicate combination of ever so slight differences between distro flavors, the headers, the libraries, and the variety of kernels and compilers makes executing random code on random machines extremely difficult. It is one thing to bundle a static application and get it running. Planting a module into the kernel, live and without errors, well, that's quite another.

But as it happens, many Linux users are also Windows users. And what do you do in Windows? You scan your system for malware. Can you name some malware scanners for Linux? Sure. There's chkrootkit and rkhunter. So you run them. And then you see chkrootkit report a warning about a possible LKM Trojan installed. Fear. What now?

Printed from Linux Compatible (