On 10/5/07, Matthew Miller <mattdm@xxxxxxxxxx> wrote: > On Fri, Oct 05, 2007 at 04:24:39PM -0500, Arthur Pemberton wrote: > > > machines. "The vast majority of [the phishing sites] we saw were on > > > rootkit-ed Linux boxes, which was rather startling. We expected a > > > http://tinyurl.com/36nfsm > > How do they know that the attacks are from rooted linux boxes? > > Because it's generally pretty easy to tell the operating system a given web > site is running on. Note that they're talking about *phishing sites*, not > the sites from which phishing spam or whatever originates. The question still stands.... how do they know the attacks are from a _rooted_ linux box? You don't need root to put put a phishing site, esp. on a shared host. -- Fedora 7 : sipping some of that moonshine ( www.pembo13.com )
