After trying to hook into important kernel functions and trying to hide its own threads, Snasko sets out to take over the target system. Exactly what purpose lies this general ambition is unclear although the researchers suspect a conventional rather than political or nuisance motive.
The good news is that the rootkit looks like a work in progress, and contains enough programming rough edges to mark it out as 'in development'.
The malware''s relatively large binary size of 500k, and the inclusion of debug code, is another giveaway that this might be a work in progress.
As significant as its design is where it might have come from. In the view of the CrowdStrike analyst, Russia is the most likely origin which would put it in the realm of the professional cybercriminals.
Debian Linux kernel targeted by drive-by rootkit infection
Posted on Thursday, Nov 22 2012 @ 18:03 CET by Thomas De Maesschalck
InfoWorld writes security researchers discovered a new rootkit that targets the latest 64-bit Debian Squeezy kernel (2.6.32-5). Named Rootkit.Linux.Snakso.a by Kaspersky Lab, the malware infects victims via an iFrame injection attack and enables attacks to take control over the target system.