Knark is a kernel-based rootkit for Linux 2.2/2.4. It hide ports, files and processes from the administrator. This rootkit is very powerful and had been used by “crackers” in a lot of compromised machines.
/dev/.pizda
/dev/.pula
/proc/knark
*/taskhack
*/rootme
*/nethide
*/hidef
*/ered
Note
All files with an “*” need to be search in all system