yeah, of course the attacker has the root, a kernel rootkit generally is used to have the total control of the victim machine, after a break in.
Many more problems ? I don't think there is a something more important than the kernel integrity.
A userland rootkit is very easy to detect, a kernel rootkit less. Especially if is inside the kernel and the kernel change hash every time I boot.
|