On Sun, 2005-12-11 at 00:59, Kam Leo wrote: > > Isn't rebuilding a little extreme? If the cracker got into an > unpriviledged user's account and no further isn't that particular user > account the only thing at risk? Shouldn't changing all passwords to > strong ones and deleting the infected user account and files be > sufficient? How can you be sure they did not crack the root account and bury code on the system to maintain control? Or crack other user accounts? If you take half measures and the system is compromised again you may not know how or when it happened. And if the cracker gets pissed that you deleted his spam software he might use your system for other purposes or cause other damage before you can get it cleaned out. Hopefully his son learned from this why strong passwords are needed.
