On Friday 31 March 2006 19:32, John Summerfield wrote:
>Gene Heskett wrote:
>>>My money is on sshd - somebody with a weak password.
>> We found a couple that were downright
>> stupid/dumb/asinine/all_of_the_above.
>Since the attacker wrote to /usr I'd be looking at how he got to be
> root.

We haven't found that yet.  We're still looking over the forensic copy 
we made of that drive with dd.  And root's password was alpha-numeric, 
longer than most and certainly not susceptible to a dictionary attack.  
Interesting, since you made the comment re the compiler being handy, is 
that it wasn't used to install the irc botnet kit, only a shell, gzip, 
chmod & cp were used for that according to the install script we read.

Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-) and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

