Kernel Intrusion System (KIS) Detected by StMichael Despite Claims
The KIS system, Released by Optyx at Defcon 9 today is a Sub-7 like Linux trojan for Linux 2.2 and 2.4 systems that operates at the linux kernel. It makes it impossible to detect and remove from userspace, allowing remote crontrol via undetectable random network traffic. The Saint Michael Linux Kernel Module, Released on July 12th of this month on packetstormsecurity.org is able to detect, and partially remove the KIS system when configured with its 'Cloaking' features to hide and detect hidden kernel modules.
The Saint Michael Linux Kernel Module is a Kernel-Integrity ANTI-LKM rootkit kernel module for the 2.4 series of linux kernels. StMichael is homed at
http://sourceforge.net/projects/stjude.