The trick is that, without requiring extensive rights, libmemrk uses the /dev/mem device driver to write arbitrary code from userspace into main memory. /dev/mem is an interface that enables use of the physically addressable memory.
Interestingly, some platforms are secure against this new rootkit (by default):
- Current RedHat and Fedora (incorporates SELinux )
- Virtual environment (another reason to be virtualized)