Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 03:45:13 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1951082673&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2FUNIX%2Fpenetration%2Frootkits%2Fmood-nt_2.3.tgz%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1951082673.1338176713.1338176713.1338176713.1%3B%2B__utmz%3D32867617.1338176713.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/57016/mood-nt_2.3.tgz http://packetstormsecurity.org/files/57016/mood-nt_2.3.tgz http://packetstormsecurity.org/files/57016/mood-nt_2.3.tgz.html Wed, 06 Jun 2007 22:38:28 GMT Mood-NT 2.3 is a linux kernel rootkit for kernels 2.4.x and 2.6 versions below 2.6.20. It can hide processes, files, connections (unix, raw, and ipv6 too), promisc flag and it allows tty sniffing, exec redirection, exec parameters sniffing, has an internal private init script for starting whatever you want on boot. It has a lot of anti-detectors engines and a unique hiding engine hardware based (through the debug registers) that makes it completely stealth on x86 machines. It fully supports vsyscalls and if the kernel changes it automatically reinstall itself on boot.