By exploiting a CPU's native ability to generate interrupts, DR escapes some of the pitfalls that have visited more traditional types of rootkits, which modify an operating system's system call table. That's of increasing importance as more and more Linux distributions make it harder to make changes to the syscall table and rootkit detection programs such as chkrootkit and rkhunter actively check for such modifications. [...]
"In the old days, to attack a computer, you needed to 1) find a bug, 2) write an exploit, 3) run the exploit 4) hide yourself," Charlie Miller, principal security analyst for Independent Security Evaluators, said in an email. "The gap between a script kiddie and a hacker just got a little smaller."