
pjf (2464)

http://pjf.id.au/
AOL IM: miyuki3k
Jabber: pjf@jabber.org

I run Perl Training Australia [perltraining.com.au].

I help with Melbourne Perl Mongers.

I spend an awful lot of time talking about Perl, and have had my picture in the Australian newspapers with a camel. That's rather scary.

Journal of pjf (2464)

Tuesday January 04, 2005
03:16 AM

Happy New Rootkit

[ #22557 ]

I'm back from holidays, and had intended to write about all the interesting diving I had managed to get done.

Unfortunately, the machine of one of our clients was compromised this afternoon, so instead I'm currently in the process of cleaning things up. I know how the attackers got in, and I have clean backups that verify without an issue. The main thing now is gaining physical access to the machine and the dull dull task of cleaning the disks and initiating a restore. There's reason to believe that the kernel has been modified by a direct write to /dev/kmem, so nothing the machine tells me can possibly be trusted.

This particular compromise falls into the "What? I didn't know we had that installed (outside of the packaging system)" category.
