rootkit?

[Craig White]

On Sun, 2005-12-11 at 10:52 -0500, Gene Heskett wrote:
> On Sunday 11 December 2005 10:25, William Case wrote:
> >On Sun, 2005-12-11 at 00:44 -0500, Scot L. Harris wrote:
> >> On Sun, 2005-12-11 at 00:31, Gene Heskett wrote:
> >> > A friend of mine just reported he has been rooted, and his
> >> > machine was spewing spam in the name of the colonial bank.
> >> >
> >> > FWIW, chkrootkit didn't find it!
> >>
> >> Did you try rkhunter?  Would be interesting to know if it could see
> >> it.
> >>
> >> > Whats the general removal procedure for this, and better yet, how
> >> > did they get in?
> >>
> >> Once a system has been rooted the only action to take is to rebuild
> >> the system from scratch, format the drives and install clean.  Be
> >> very careful of anything backed up on the system since the root kit
> >> was installed.
> >
> >I think I know in a general kind of way.  But, what is a rootkit?
> >
> >Regards Bill
> 
> Thats where someone gets in thru a buffer overflow, or other 
> exploitable means, possibly guessing passwords (we think this is how 
> this one got in, sons very weak pw) and takes over the machine to turn 
> it into a zombie sending spam or virii to a large mailing list.
----
that might be your definition of a rootkit but that wouldn't be the
consensus definition of a rootkit - by any stretch of the imagination.
That might represent a methodology of gaining access and just one of so
many possible things that a cracker might do once having gained access.

for a more accurate definition of rootkit, another reply listed the
wikipedia.com link

Craig