craigwhite at azapple.com
Sun Dec 11 15:59:24 UTC 2005
On Sun, 2005-12-11 at 10:52 -0500, Gene Heskett wrote:
> On Sunday 11 December 2005 10:25, William Case wrote:
> >On Sun, 2005-12-11 at 00:44 -0500, Scot L. Harris wrote:
> >> On Sun, 2005-12-11 at 00:31, Gene Heskett wrote:
> >> > A friend of mine just reported he has been rooted, and his
> >> > machine was spewing spam in the name of the colonial bank.
> >> >
> >> > FWIW, chkrootkit didn't find it!
> >> Did you try rkhunter? Would be interesting to know if it could see
> >> it.
> >> > Whats the general removal procedure for this, and better yet, how
> >> > did they get in?
> >> Once a system has been rooted the only action to take is to rebuild
> >> the system from scratch, format the drives and install clean. Be
> >> very careful of anything backed up on the system since the root kit
> >> was installed.
> >I think I know in a general kind of way. But, what is a rootkit?
> >Regards Bill
> Thats where someone gets in thru a buffer overflow, or other
> exploitable means, possibly guessing passwords (we think this is how
> this one got in, sons very weak pw) and takes over the machine to turn
> it into a zombie sending spam or virii to a large mailing list.
that might be your definition of a rootkit but that wouldn't be the
consensus definition of a rootkit - by any stretch of the imagination.
That might represent a methodology of gaining access and just one of so
many possible things that a cracker might do once having gained access.
for a more accurate definition of rootkit, another reply listed the
More information about the fedora-list