Challenge: How Did These Processes Get Here?

Thursday, 28 November 2002, 1:07 PM EST

Every now and then I like to issue challenges to my readers. This week you have another chance to test your wits against a problem, but the rewards are higher. Instead of a measly postcard, the winner will get a copy of Hacking Linux Exposed, Second Edition. I'll pick the winner from those who figure out the problem, based on the quality of the analysis of the problem described below. Anyway, onto the problem.

A user wrote me in a exasperated state. His machine had been cracked (his root password was less than stellar) and the cracker had installed various user-level rootkits and software. He had done a good job of removing the rootkits and cracking tools. When booting off CD (thus with no chance for any kernel modifications) he could see that there was nothing left that hadn't been accounted for. All the /etc/rc?.d directories were as they should be, no suspicious entries in /etc/xinetd.conf or /etc/xinetd.d.

He had no file integrity tools on this system (Tripwire, AIDE, etc) but he did verify each and every file that had a modification date and/or change date from the time the cracker entered, and nothing suspicious was in them.

[ Read more ]




Spotlight

Fighting malware, emerging threats and AI

Posted on 24 November 2014.  |  Liran Tancman is the CEO of CyActive, a predictive cyber security company. In this interview he talks about fighting malware, emerging threats, artificial intelligence and the cloud.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Nov 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //