This document discusses Linux rootkits and how they have evolved from user-land Trojan binaries to kernel-level techniques like syscall patching. It describes how later Linux kernels made syscall patching more difficult by making the syscall table read-only. The document then introduces an alternative technique of hooking the virtual filesystem (VFS) using the /proc filesystem to hide processes, files and directories. It provides code examples for a proof-of-concept rootkit called Fuckit that implements process, file and module hiding through VFS hooks instead of direct syscall patching.
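A defender's cross-view check for the /proc-based process hiding summarized above, as an added example that is not code from the original document: it compares the PIDs a /proc directory listing returns with the PIDs that answer a signal-0 probe, and reports those that are alive but unlisted. The function names and the injectable `list_fn`, `probe_fn` and `tgid_fn` parameters are assumptions of this example.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs visible in a directory listing of /proc (the view a VFS hook filters)."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def probe(pid):
    """True if the kernel accepts signal 0 for pid, i.e. the task exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but is owned by another user
    return True

def tgid_of(pid, proc="/proc"):
    """Thread-group id from /proc/<pid>/status, or None if it cannot be read."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None

def hidden_pids(max_pid, list_fn=listed_pids, probe_fn=probe, tgid_fn=tgid_of):
    """PIDs that answer a signal probe but are missing from the /proc listing."""
    before = list_fn()
    candidates = [p for p in range(1, max_pid + 1)
                  if p not in before and probe_fn(p)]
    after = list_fn()  # second listing catches processes that started mid-scan
    hidden = []
    for pid in candidates:
        if pid in after or not probe_fn(pid):
            continue  # raced: now listed, or already exited
        tgid = tgid_fn(pid)
        if tgid is not None and tgid != pid:
            continue  # a thread id: never listed at the top of /proc, not hidden
        hidden.append(pid)  # unreadable status (None) is reported as suspicious
    return hidden

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    print("alive but unlisted:", hidden_pids(limit))
```

A non-empty result is a lead to investigate, not proof: confirm it from a trusted kernel or an offline memory image, since a kernel-level hook can also tamper with the probe path.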