MD5 hash compare
 Look for default files used by rootkits
 Wrong file permissions for binaries
 Look for suspected strings in LKM and KLD modules
 Look for hidden files
 Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use.

’Supported’ rootkits/backdoors/LKM’s/worms:
 55808 Trojan - Variant A
 ADM W0rm
 AjaKit
 aPa Kit
 Apache Worm
 Ambient (ark) Rootkit
 Balaur Rootkit
 BeastKit
 beX2
 BOBKit
 CiNIK Worm (Slapper.B variant)
 Danny-Boy’s Abuse Kit
 Devil RootKit
 Dica
 Dreams Rootkit
 Duarawkz Rootkit
 Flea Linux Rootkit
 FreeBSD Rootkit
 Fuck`it Rootkit
 GasKit
 Heroin LKM
 HjC Rootkit
 ignoKit
 ImperalsS-FBRK
 Irix Rootkit
 Kitko
 Knark
 Li0n Worm
 Lockit / LJK2
 mod_rootme (Apache backdoor)
 MRK
 Ni0 Rootkit
 NSDAP (RootKit for SunOS)
 Optic Kit (Tux)
 Oz Rootkit
 Portacelo
 R3dstorm Toolkit
 RH-Sharpe’s rootkit
 RSHA’s rootkit
 Scalper Worm
 Shutdown
 SHV4 Rootkit
 SHV5 Rootkit
 Sin Rootkit
 Slapper
 Sneakin Rootkit
 Suckit
 SunOS Rootkit
 Superkit
 TBD (Telnet BackDoor)
 TeLeKiT
 T0rn Rootkit
 Trojanit Kit
 URK (Universal RootKit)
 VcKit
 Volc Rootkit
 X-Org SunOS Rootkit
 zaRwT.KiT Rootkit

and... some known/unknown sniffers, backdoors like:
 Anti Anti-sniffer
 LuCe LKM
 THC Backdoor