rootkits hide network traffic

0001-01-01

A common rootkit feature is hiding or obscuring network traffic that relates to the attacker.

For example, the rootkit may install hooks that make active connections not show up when a systems administrator or incident responder runs the netstat command on an infected host.


Links to this note