Tools Blog | G5 Cyber Security

Rial.c – RIAL is an LKM-based rootkit which can hide processes, files, directories, LKMs, connections and file parts.

RIAL is an LKM-based rootkit which can hide processes, files, directories, LKMs, connections and file parts. While some of these are present in a large number of LKMs, connection and file-part hiding are new ideas, or at least I couldn’t find any LKM which had them. All processes, files, directories and LKMs whose names contain the string defined in HIDE are hidden. Reads from /proc/net/tcp are intercepted and the data read is filtered to hide some connections.
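A cross-view check for the /proc/net/tcp filtering described above, as an added example (not from the original page or from RIAL's source): it decodes the table and reports connections that an independent source recorded but the host's own table omits. The function names, the sample table and the flow records are constructed for illustration; a little-endian host and IPv4 are assumed.

```python
import socket
import struct

# Constructed sample: a /proc/net/tcp read as a filtered host might return it.
SAMPLE_PROC = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A0200C0:0016 076433C6:C738 01 00000000:00000000 00:00000000 00000000     0        0 1002
"""

# Constructed sample: flows for the same host recorded off-host (e.g. at a gateway).
SAMPLE_OBSERVED = [
    (("192.0.2.10", 22), ("198.51.100.7", 51000)),
    (("192.0.2.10", 4444), ("203.0.113.5", 40000)),
]


def decode_endpoint(field):
    """Decode 'HEXADDR:HEXPORT'; the address is a host-order u32 printed as hex."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return the set of (local, remote) endpoint pairs listed in the table."""
    conns = set()
    for line in text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 4:
            continue  # skip blank or truncated rows
        conns.add((decode_endpoint(cols[1]), decode_endpoint(cols[2])))
    return conns


def missing_from_proc(proc_text, observed):
    """Connections seen by the independent source but absent from the host's view."""
    return sorted(set(observed) - parse_proc_net_tcp(proc_text))


if __name__ == "__main__":
    for local, remote in missing_from_proc(SAMPLE_PROC, SAMPLE_OBSERVED):
        print("not in /proc/net/tcp: %s:%d -> %s:%d" % (local + remote))
```

Connections that open or close between the two snapshots also show up as differences, so repeat the comparison before treating a result as a finding.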

 

You can download it from the following link: https://packetstormsecurity.com/files/download/23732/Rial.c

Source: https://packetstormsecurity.com/files/23732/Rial.c.html
