[wildman424]

New Linux Rootkit ???
A member of my staff just found this thing, its the tarball of source code, complete with make file. Supposedly its new and chkrootkit and rkhunter isn't detecting it yet.

KBeast (Kernel Beast) 2012 is a Linux rootkit that hides the loadable kernel module, hides files and directories, hides processes, hides sockets and connections, performs keystroke logging, has anti-kill functionality and more.

ipsecs-kbeast-v1.7z

password protected
(11.57 KiB) Downloaded 69 times

To prevent it from being compiled & spread I will supply the password only to researchers by request, just pm me here or at VT

[Disillusion]

Was made public a while ago on packetstorm:

http://packetstormsecurity.org/files/do ... -v1.tar.gz

or at original site:

http://ipsecs.com/web/?p=277

[wildman424]

yep that's it.

still not being detected = still a problem

[AaLl86]

Hi!
Thank you for sample! But by the way (and moderator has to tell me if I am wrong) I'm not completely agree on your pwd policy.
I think that all registered members of KernelMode.info should be able to open virus sample archive... Is for this matter that many researcher like me love this board.
In my opinion you have to provide archive password without the need to send you a mail...

Regards,
Andrea

New Linux Rootkit ???
A member of my staff just found this thing, its the tarball of source code, complete with make file. Supposedly its new and chkrootkit and rkhunter isn't detecting it yet.

KBeast (Kernel Beast) 2012 is a Linux rootkit that hides the loadable kernel module, hides files and directories, hides processes, hides sockets and connections, performs keystroke logging, has anti-kill functionality and more.

ipsecs-kbeast-v1.7z

To prevent it from being compiled & spread I will supply the password only to researchers by request, just pm me here or at VT

[Dashke]

I agree. :)

[EP_X0FF]

There are only common posting rules available here. It's user right - decide how exactly he want to share malware sample. However it is obvious - there is no need to add additional access requirements to the stuff which already available for free (and as in this case on it's own site which can be found by simple googling in 5 sec).

[wildman424]

if it wasn't ready to compile source code, I wouldn't have any issue supplying the password with the archive, but I'm not going supply potentially malicious code to just anyone. I'm in this to counter the malware threat, not make it worse.