Preface: According to statistical data, most organizations store data on cloud platforms that run in Linux-based environments. Statistics show that, compared with the Windows operating system, the Linux coverage rate exceeds 75%.
Background: Linux systems are commonly infected through drive-by downloads from an infected website. For instance, installing a program on Linux sometimes requires a specific library file (.so). Your guard may drop during software installation because you are focused on completing the milestone, and you may therefore unintentionally let a rootkit be implanted in your Linux system. The rootkit is considered to be a type of Trojan horse. Many Trojan horses exhibit the characteristics of a rootkit. The main difference is that rootkits actively conceal themselves in a system and also typically provide the hacker with administrator rights.
- Kernel mode rootkits (Ring 0)
- User mode rootkits (Ring 3)
What can we do now? Actively monitor web applications for unauthorized access, modification, or anomalous activities. Also stay alert when you download a library file.