Thursday, February 15, 2007

Rootkits...The Hardest thing Ever

Ok, I am in a class called 'CSC595 Special Problems' which is a really awesome class because it is a directed study. My particular subject for the directed study is root kits or r00tkits. I am supposed to find and install root kits for Linux and Windows, install them, and then use the tools that my professor purchased with grant money to see if I can get the root kit off the system or detect it on the system. At the end of the directed study I am supposed to write a paper in which I detail my work over the course of picking and then installing the root kits.

It sounds easy, "infect your computer"... Problem is, this is actually a lot harder than you think. To start with, one of the main problems I keep running into is that once I select a r00tkit, it will not compile or install. To boot, there is not a whole lot of working documentation on root kits out there in the world to assist in compiling or installing. I have an accomplice, and he and I have to put our minds together in order to accomplish the goal of reverse engineering the root kit to determine what it does and how it will affect the system.

We have currently tried two: Override, a Linux 2.6 kernel mode root kit, and FLEA, the universal Linux user mode root kit. We struck out with Override, but surprisingly today we have made some breakthroughs with FLEA. We came up with what it does, how it works, what files it manipulates, and are now working on a clean image to install on because we screwed up two disks with FC5. We have now decided to go to virtual machines for the ease of use and the ability to use snapshots to step back in time to a working order before we screwed up with the root kit.

I am writing this up in docs and spreadsheets and am adding to it little by little...
