[Scottish] Rootkits and Linux

[Arron M Finnon]

Hi Guys,

I'm doing a project at university which looks at rootkits within Linux.
For those that don't know me, and for most parts thats nearly everyone
on this list, i'm a second year student studying ethical hacking and
countermeasures at Abertay University, dundee.

It's not so much looking at possible exploits to load a payload like a
rootkit, but more
into the rootkit.  Currently my thinking is that i would use something
like Mood-NT to infect 2.6 kernel.  

I'm kinda of asking if people have had any experience with wild rootkits (apparently rootkits out in the
wild are by nature and design hard to come by).  In addition what sort of
countermeasures people have employed to defend themselves against such
threats.

I've been very interest in LKM (Loadable Kernel Modules) Kit's,
Virtualised Kit's, and Kernel rootkits.

I thank you all in advance for any information and tip bits you can give

Yours

Arron

p.s the Tim Simpson talk we had last week was a success with over 40 attendees (Abertay Linux Society), and very interesting too.