
Re: LKM Trojan



On Tuesday 15 June 2004 10:05 am, hcrouch@mchsi.com wrote:
> While exploring the workings of my OS weekend before last, I managed to
> break Shorewall (Shoreline Firewall) and I surfed unprotected for a couple
> of daze before I was able to fix it.  I ran chkrootkit this last weekend,
> which reported that I had four hidden processes and might have picked up
> the LKM trojan.  For lack of a better plan, I reformatted my root partition
> and rebuilt from the ground up.  :-(

Well I'm a little late on this, but I haven't seen anyone else mention it.
Which version of Debian/chkrootkit did you use?
If you check the Debian user/security archives you will find threads on 
chkrootkit throwing false positives when run against Debian (sarge/sid I 
believe).
So you may have not even been trojaned, it may just have been a faulty 
detection.


Matt

