On Sun, 2005-12-11 at 10:52 -0500, Gene Heskett wrote:
> On Sunday 11 December 2005 10:25, William Case wrote:
> >On Sun, 2005-12-11 at 00:44 -0500, Scot L. Harris wrote:
> >> On Sun, 2005-12-11 at 00:31, Gene Heskett wrote:
> >> > A friend of mine just reported he has been rooted, and his
> >> > machine was spewing spam in the name of the colonial bank.
> >> >
> >> > FWIW, chkrootkit didn't find it!
> >>
> >> Did you try rkhunter? Would be interesting to know if it could see
> >> it.
> >>
> >> > What's the general removal procedure for this, and better yet, how
> >> > did they get in?
> >>
> >> Once a system has been rooted the only action to take is to rebuild
> >> the system from scratch, format the drives and install clean. Be
> >> very careful of anything backed up on the system since the root kit
> >> was installed.
> >
> >I think I know in a general kind of way. But, what is a rootkit?
> >
> >Regards Bill
>
> That's where someone gets in thru a buffer overflow, or other
> exploitable means, possibly guessing passwords (we think this is how
> this one got in, son's very weak pw) and takes over the machine to turn
> it into a zombie sending spam or virii to a large mailing list.
----
That might be your definition of a rootkit, but that wouldn't be the
consensus definition of a rootkit - by any stretch of the imagination.

That might represent a methodology of gaining access and just one of so
many possible things that a cracker might do once having gained access.

For a more accurate definition of rootkit, another reply listed the
wikipedia.com link.

Craig