A new Linux rootkit malware named ‘Syslogk’ is being used in attacks to hide malicious processes, using specially crafted "magic packets" to awaken a backdoor laying dormant on the device.

Backdoor infecting VPNs used “magic packets” for stealth and security J-Magic backdoor infected organizations in a wide array of industries.

Rootkit is only activated when attacker delivers 'magic packets' that trigger a backdoor.

Malware analysis is a complex and ever-changing field that requires a combination of human skills and machine intelligence.

Symantec also offers both inline and span/tap port malware detection. Trend Micro emphasizes inline packet inspection, only using span/tap ports for out-of-band monitoring, scanning and notification.