Argh, infected!

Dan Osterrath do3 at mail.inf.tu-dresden.de
Mon Oct 13 05:32:56 PDT 2003


Am Montag, 13. Oktober 2003 14:22 schrieb Sam Barnett-Cormack:
> If chkrootkit relied on binaries being unstripped it would be kinda
> useless.

OK, it would be very easy to "hide" the trojan horse this way.
I've seen several postings in the google groups that mentions false alarms on 
netstat.
But I'd like to see other people having this problem with a recent version 
(LFS 5.0pre) just to be sure. Probably www.tazenda.demon.co.uk has been 
comprimised for the time when LFS 4.x was recent and everyone got a trojaned 
version.
You might try to reinstall net-tools and see what happens.

-- 
----------------------------------------------------------------------
%> ln -s /dev/null /dev/brain
%> ln -s /dev/urandom /dev/world
%> dd if=/dev/world of=/dev/brain
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-security/attachments/20031013/439f485c/attachment.sig>


More information about the lfs-security mailing list