Re: Found, a new rootkit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday 31 March 2006 19:32, John Summerfield wrote:
>Gene Heskett wrote:
>>>----
>>>My money is on sshd - somebody with a weak password.
>>
>> We found a couple that were downright
>> stupid/dumb/assinine/all_of_the_above.
>
>Since the attacker wrote to /usr I'd be looking at how he got to be
> root.

We haven't found that yet.  We're still looking over the forensic copy 
we made of that drive with dd.  And roots password was alpha-numeric, 
longer than most and certainly not susceptable to a dictionary attack.  
Interesting, since you made the comment re the compiler being handy, is 
that it wasn't used to install the irc botnet kit, only a shell, gzip, 
chmod & cp were used for that according to the install script we read.

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux