it's not a very good rootkit by itself, certainly, as typically rootkits will monkey with the kernel to hide processes and network sockets.
it's interesting because it's probably the simplest rootkit method i can think of (next to setuid binaries). it's less obvious than a setuid. it's not something that anyone sane would use by itself because like i said--it doesn't hide you.
it's not a very good rootkit by itself, certainly, as typically rootkits will monkey with the kernel to hide processes and network sockets.
it's interesting because it's probably the simplest rootkit method i can think of (next to setuid binaries). it's less obvious than a setuid. it's not something that anyone sane would use by itself because like i said--it doesn't hide you.