VERY IMPORTANT

VENOM Linux rootkit

released on 2017-01-17 @ 05:43:15 PM
The Linux VENOM rootkit is a two-component piece of malicious software aimed at maintaining unauthorized access on compromised Linux systems. It requires root privileges to be installed, and relies on:

- A userland binary, providing an encrypted backdoor with remote code execution and proxy functionalities
- A lightweight Linux Loadable Kernel Module, providing an additional port-knocking service for the userland backdoor

VENOM features similar mechanisms to the tools used during the Freenode intrusion in 2014. As the attacker attempts to remove all local traces, it is highly recommended to deploy and use a remote logging service (e.g. remote syslog).
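The following added example (not part of the original article) shows how the remote copy recommended above can be put to use: it compares a host's own log with what the collector received and reports entries that have disappeared locally. The host names, log lines and function names are constructed assumptions, and both sides are assumed to be in the classic "Mon DD HH:MM:SS host message" syslog layout.

```python
from collections import Counter
import re

# Classic syslog layout: "Jan 17 17:40:02 host tag[pid]: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

def parse(line):
    """Return (timestamp, host, rest) with whitespace normalised, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, rest = m.groups()
    return (" ".join(ts.split()), host, " ".join(rest.split()))

def missing_locally(local_lines, remote_lines, host):
    """Entries the collector received from `host` that the host's own log lacks.

    Multiset difference: N identical lines on the collector require N copies
    locally, because repeated messages are common in syslog.
    """
    local = Counter(p for p in map(parse, local_lines) if p and p[1] == host)
    remote = Counter(p for p in map(parse, remote_lines) if p and p[1] == host)
    gone = remote - local
    # Counter keeps insertion order, so the output follows collector order.
    return [" ".join(entry) for entry in gone.elements()]

# Constructed sample data (not taken from a real incident).
REMOTE = [
    "Jan 17 17:40:02 web01 sshd[2211]: Accepted publickey for deploy from 192.0.2.10",
    "Jan 17 17:41:10 web01 sudo: deploy : COMMAND=/sbin/insmod /tmp/mod.ko",
    "Jan 17 17:41:10 web01 kernel: mod: loading out-of-tree module taints kernel.",
    "Jan 17 17:41:30 db01 cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jan 17 17:42:00 web01 cron[812]: (root) CMD (run-parts /etc/cron.hourly)",
]
LOCAL_WEB01 = [
    "Jan 17 17:40:02 web01 sshd[2211]: Accepted publickey for deploy from 192.0.2.10",
    "Jan 17 17:42:00 web01 cron[812]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for entry in missing_locally(LOCAL_WEB01, REMOTE, "web01"):
        print("missing on host:", entry)
```

Routine log rotation also removes old entries from the host, so restrict the comparison to the period the local file is expected to cover before treating a difference as tampering.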