Challenge: How Did These Processes Get Here?

Thursday, 28 November 2002, 1:07 PM EST

Every now and then I like to issue challenges to my readers. This week you have another chance to test your wits against a problem, but the rewards are higher. Instead of a measly postcard, the winner will get a copy of Hacking Linux Exposed, Second Edition. I'll pick the winner from those who figure out the problem, based on the quality of the analysis of the problem described below. Anyway, onto the problem.

A user wrote me in a exasperated state. His machine had been cracked (his root password was less than stellar) and the cracker had installed various user-level rootkits and software. He had done a good job of removing the rootkits and cracking tools. When booting off CD (thus with no chance for any kernel modifications) he could see that there was nothing left that hadn't been accounted for. All the /etc/rc?.d directories were as they should be, no suspicious entries in /etc/xinetd.conf or /etc/xinetd.d.

He had no file integrity tools on this system (Tripwire, AIDE, etc) but he did verify each and every file that had a modification date and/or change date from the time the cracker entered, and nothing suspicious was in them.

[ Read more ]




Spotlight

New Zeus variant targets users of 150 banks

Posted on 19 December 2014.  |  A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Dec 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //