Excerpt
"sniffer, --eh" my question then is how would such a sniffer get into the system?

However, the Linux malware is based on an old and publicly available proof-of-concept backdoor known as 'cd00r.c', developed by hackers at phenoelit.org to solve the visibility 'problem' of standard backdoors. As phenoelit.org noted at the time, cd00r.c could be used for attack or defence.
"Standard backdoors and remote access services have one major problem: The ports they are listening on are visible on the system console as well as from outside (by port scanning)," phenoelit.org explains.
"The approach of cd00r.c is to provide remote access to the system without showing an open port all the time. This is done by using a sniffer on the specified interface to capture all kinds of packets. The sniffer is not running in promiscuous mode to prevent a kernel message in syslog and detection by programs like AntiSniff."
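The mechanism described in the two quotes above, a sniffer that watches every packet on an interface and only "opens the door" after a specific sequence of connection attempts, is the core of cd00r.c. The following is an added example, written for this page and not taken from cd00r.c or phenoelit.org. It implements that packet-watching logic over a constructed capture: hand-built IPv4/TCP SYN packets are parsed and run through a per-source knock-sequence state machine. The knock ports, the per-source tracking, the reset-on-wrong-port rule, and the "open" action (here just recording the source address) are all assumptions made for the example; cd00r.c's own values and behaviour are whatever its compile-time configuration sets. In a real deployment the bytes would come from a raw packet socket on the interface without setting promiscuous mode, which is exactly why no listening port and no PROMISC flag ever appear.

```python
import struct
from collections import defaultdict

# Assumed knock sequence for this example (illustrative, not cd00r.c's values).
KNOCK_PORTS = [200, 80, 22, 53]
TCP_SYN = 0x02
TCP_ACK = 0x10


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_packet(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int = TCP_SYN) -> bytes:
    """Constructed IPv4 + TCP header pair with no payload (checksums left zero;
    this is test input, not something that will be sent on a wire)."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 40, 0, 0, 64, 6, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip),
    )
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip_hdr + tcp_hdr


def parse_packet(pkt: bytes):
    """Return (src_ip, dst_port, tcp_flags) for an IPv4/TCP packet, else None.
    Anything that is not IPv4 carrying TCP, or is truncated, is ignored."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6 or len(pkt) < ihl + 20:
        return None
    src_ip = ".".join(str(b) for b in pkt[12:16])
    _sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = pkt[ihl + 13]
    return src_ip, dport, flags


class KnockDoor:
    """Per-source knock-sequence tracker. Only SYNs count, so a port that happens
    to receive a real connection's later segments does not disturb the sequence."""

    def __init__(self, sequence):
        self.sequence = list(sequence)
        self.progress = defaultdict(int)   # src_ip -> index of next expected port
        self.opened_for = []               # sources that completed the sequence

    def feed(self, pkt: bytes) -> bool:
        """Consume one packet; return True exactly when a source completes the knock."""
        parsed = parse_packet(pkt)
        if parsed is None:
            return False
        src_ip, dport, flags = parsed
        if not flags & TCP_SYN:
            return False
        expected = self.sequence[self.progress[src_ip]]
        if dport == expected:
            self.progress[src_ip] += 1
            if self.progress[src_ip] == len(self.sequence):
                # Door opens: a real backdoor would start its listener here.
                self.progress[src_ip] = 0
                self.opened_for.append(src_ip)
                return True
            return False
        # Wrong port: restart, but a repeat of the first knock port counts as
        # a fresh first knock rather than being thrown away.
        self.progress[src_ip] = 1 if dport == self.sequence[0] else 0
        return False


def demo_capture():
    """Constructed capture: noise from another host interleaved with one valid knock."""
    door = KnockDoor(KNOCK_PORTS)
    traffic = [
        ("10.0.0.9", 443, TCP_SYN),   # unrelated connection attempt
        ("10.0.0.5", 200, TCP_SYN),
        ("10.0.0.5", 80, TCP_SYN),
        ("10.0.0.5", 22, TCP_SYN),
        ("10.0.0.9", 200, TCP_SYN),   # other host starts, does not affect 10.0.0.5
        ("10.0.0.5", 22, TCP_ACK),    # non-SYN on a knock port is ignored
        ("10.0.0.5", 53, TCP_SYN),    # completes the sequence
    ]
    for src, port, flags in traffic:
        door.feed(build_packet(src, "10.0.0.1", 40000, port, flags))
    return door.opened_for


if __name__ == "__main__":
    print("door opened for:", demo_capture())
```

The detection angle follows directly from the design: because nothing listens, `netstat`/`ss` and an external port scan show nothing, and because the socket is not promiscuous there is no kernel log line. What does remain visible on the host is the process holding a raw or packet socket (on Linux, `/proc/net/packet` and `ss -0` list them), which is the artifact a defender should hunt for instead of an open port.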