Root Kit Found

Impact

Allows a malicious user to move about a system undetected. The root kit replaces certain UNIX-based commands such as ls, pwd, tar, ps, ifconfig and netstat with versions that hide the intruder's files, processes and connections. If the user was also able to modify the logs to hide the evidence of the break-in and then install a root kit, a system administrator might never find out that the user is on the system.

Background

Resolution

If the system has been compromised, the operating system must be reinstalled. If a backup of the system can be confirmed not to contain the root kit, the backup can be used instead. The difficulty is that a number of different root kits exist, and each replaces different commands. Therefore a system administrator can never be sure exactly which system files have been replaced unless they check each of the commands (ls, du, df, pwd, ifconfig, etc.) individually against a known-good copy.
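The check above amounts to comparing each command's digest against a trusted baseline. The following is an added example, not part of the original advisory: it builds a SHA-256 baseline for the commands named here and reports which binaries on a suspect host differ, are missing, or were not in the baseline. The paths and file contents are constructed sample data; the comparison must be run with trusted tools (for example from read-only boot media), since a replaced ls or ps cannot be trusted to report on itself.

```python
# Integrity check for the commands a rootkit typically replaces. Digests come
# from a known-clean copy (or the vendor package manifest) and are compared
# against the suspect host; run it with trusted tools, not the host's own.
import hashlib

# Commands named in the advisory as common rootkit replacements.
WATCHED_COMMANDS = ["ls", "pwd", "tar", "ps", "ifconfig", "netstat", "du", "df"]


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Digest a file on disk in chunks (for real use on /bin, /sbin, ...)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(contents: dict) -> dict:
    """Map each path to its digest; `contents` is path -> file bytes."""
    return {path: sha256_bytes(data) for path, data in contents.items()}


def check_integrity(baseline: dict, current: dict) -> dict:
    """Group paths as modified (digest differs), missing (gone from host)
    or unexpected (on host but not in baseline, e.g. a planted helper)."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for path, good in baseline.items():
        if path not in current:
            report["missing"].append(path)
        elif sha256_bytes(current[path]) != good:
            report["modified"].append(path)
    report["unexpected"] = [p for p in current if p not in baseline]
    return report


# Constructed sample data standing in for /bin on a clean host and on the
# suspect host; real use would feed sha256_file() output instead.
CLEAN_HOST = {f"/bin/{c}": f"legit-{c}".encode() for c in WATCHED_COMMANDS}
SUSPECT_HOST = dict(CLEAN_HOST)
SUSPECT_HOST["/bin/ps"] = b"trojaned ps that hides processes"  # replaced
SUSPECT_HOST["/bin/netstat"] = b"trojaned netstat"             # replaced
del SUSPECT_HOST["/bin/du"]                                    # removed
SUSPECT_HOST["/bin/.hidden"] = b"planted helper"               # unexpected

if __name__ == "__main__":
    for kind, paths in check_integrity(build_baseline(CLEAN_HOST), SUSPECT_HOST).items():
        print(f"{kind}: {sorted(paths)}")
```

The baseline should be stored off-host (or signed), since an intruder with root can rewrite a manifest kept on the compromised machine as easily as the binaries themselves.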

Where can I read more about this?