FC9 Compromised...
Patrick O'Callaghan
pocallaghan at gmail.com
Fri Feb 27 23:32:21 UTC 2009
On Fri, 2009-02-27 at 14:08 -0800, Aldo Foot wrote:
> You could try booting with a LiveCD and use find to expose files
> created recently.
No good. A rootkit could have changed the file creation time. Either run
a hash check on all the binaries ("rpm -V" might be useful here, but of
course the rpm database could also be corrupt), or just reinstall from
safe media.
I know which one I'd do.
poc
More information about the fedora-list
mailing list