
Re: linux trojan



On Thu, 2005-03-24 at 21:43 -0800, Bryan J. Smith wrote:
> On Thu, 2005-03-24 at 16:51 -0600, Dan Fleischer wrote:
> > Has anyone heard of this?:
> > http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dextenea.html
> 
> Yes, YARK (Yet Another Root Kit).
> 
> > Is this one of those things like the Redhat malware from last fall which
> > duped the user into installing a package from an unknown source?
> 
> Yes, it's not self-replicating.
> It's replicated 100% by social engineering.

Bryan,

I've just scanned the Symantec process description briefly, but it seems
to me it would break down when it tried to copy S80rpcmap to /etc/rcX.d
unless the user was surfing as root. In which case he deserves what
happens.

-- Doc
Robert G. (Doc) Savage, BSE(EE), CISSP, RHCE | Fairview Heights, IL
Fedora Core 3 kernel 2.6.10-1.770_FC3 on a P-III/M IBM Thinkpad A22p
"Perfection is the enemy of good enough."
                         -- Admiral of the Fleet Sergei G. Gorshkov
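
The reply above rests on /etc/rcX.d being writable only by root. As an added example (not part of the original thread), this shell function checks that assumption and flags start/kill entries that are regular files rather than symlinks, which is how a copied-in script would appear. It assumes the usual SysV layout where runlevel entries are symlinks into init.d; the function name and output labels are invented for this example.

```shell
#!/bin/sh
# Added example: audit SysV runlevel directories below a given root.
# Assumption: legitimate S*/K* entries are symlinks into init.d, so a
# regular file in a runlevel directory is worth a closer look.
audit_rc_dirs() {
    root=${1:-}
    root=${root%/}
    for dir in "$root"/etc/rc[0-6S].d "$root"/etc/rc.d/rc[0-6S].d; do
        # Skip symlinked directories (e.g. /etc/rc3.d -> rc.d/rc3.d) so
        # the real directory is reported once; skip unmatched globs.
        if [ -L "$dir" ] || [ ! -d "$dir" ]; then
            continue
        fi
        # Mode string: char 6 is group write, char 9 is other write.
        perms=$(ls -ld "$dir")
        case $perms in
            ?????w*|????????w*) echo "WRITABLE_DIR $dir" ;;
        esac
        for entry in "$dir"/[SK]*; do
            if [ -L "$entry" ]; then
                continue            # expected: symlink into init.d
            fi
            if [ -e "$entry" ]; then
                echo "NOT_SYMLINK $entry"
            fi
        done
    done
    return 0
}

# Stand-alone use: audit the live system, or a mounted image given as $1.
audit_rc_dirs "${1:-/}"
```

Any line of output is a prompt to check the entry against the package database; an empty result only means these two conditions were not found.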

