| Name: | Adore rootkit |
| Aliases: | Adore LKM, |
| Ports: | |
| Files: | Adore031.zip - Adore-0.14.tgz - Adore-0.34.tgz - 13,470 bytes Adore.c - 11,334 bytes Ava.c - 4,311 bytes Cleaner.c - 2,035 bytes Configure - 2,968 bytes Dummy.c - 1,957 bytes Libinvisible.c - 3,397 bytes Libinvisible.h - 2,601 bytes Makefile.gen - 774 bytes Startadore - 210 bytes |
| Created: | |
| Requires: | |
| Actions: | Rootkit / Backdoor / Remote Access |
| It´s a LKM based rootkit for Linux v2. The rootkit includes a smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process-hiding, netstat hiding, rootshell-backdoor, and an uninstall routine, and a userspace program to control it. The SysCall´s are named: sys_fork, sys_write, sys_close, sys_kill, sys_mkdir, sys_clone and sys_getdents. | |
| Versions: | 0.14, 0.2b, 0.24, 0.31, 0.34, |
| Registers: | |
| Notes: | Works on Unix (Linux). |
| Country: | |
| Program: |