Displaying 20 results from an estimated 140 matches for "rootkit".
2006 Feb 18
0
Does your rkhunter do an md5 check?
I rebuilt rkhunter-1.2.8-1.noarch.rpm by using the spec and tgz from
the rkhunter site (www.rootkit.nl). (I rebuilt it using his
instructions.) However rkhunter does not do an md5 check. The box
used to have fedora and each time there were updates it would
complain that the some of the md5's don't match. I contacted the
author using his contact feature on Wednesday but he hasn't rep...
2010 Sep 30
6
ClamAV thinks Wine contains a rootkit?
Anyone wanna explain why ClamAV thinks Wine has a rootkit in it?
It finds "mountmgr.sys" and "usbd.sys" as "BC.Heuristics.Rootkit.B"
This is not altered Wine... or even used... but it happens with pure straight-up compile-from-source Wine even if it's never been run... it's finding them in the fakedlls folder.
I have not tri...
2008 Jan 13
3
Anti-Rootkit app
Hi all,
I need to install an anti-rootkit in a lot of servers. I know that
there're several options: tripwire, aide, chkrootkit...
What do you prefer?
Obviously, I have to define my needs:
- easy setup and configuration
- actively developed
--
Thanks,
Jordi Espasa Clofent
2005 May 12
1
Do I have an infected init file?
Hello;
I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected.
It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootk...
2018 Jun 19
0
Design Decision for KVM based anti rootkit
On 19 June 2018 at 19:37, David Vrabel <david.vrabel at nutanix.com> wrote:
> It's not clear how this increases security. What threats is this
> protecting again?
It won't completely prevent rootkits, because rootkits can still
edit dynamic kernel data structures, but it will limit the damage
rootkits can do to dynamic data only.
This way system calls can't be changed, nor can interrupt tables.
> As an attacker, modifying the sensitive pages (kernel text?) will
> require either: a) altering the...
2006 Nov 03
1
Enc: FreeBSD and the new virtual machine-based rootkits
----- Forwarded message ----
From: Ricardo A. Reis <ricardo_bsd@yahoo.com.br>
To: security@freebsd.org
Sent: Friday, 3 November 2006 10:54:14
Subject: FreeBSD and the new virtual machine-based rootkits
Hi All,
Recently I participated, in Brazil in October 2006, in the FIRST/TRANSITS and
II Latin American Incident Response Conference (COLARIS).
In the II COLARIS, Joanna Rutkowska alerted us to the possible
new malware technology using hardware virtualization, present
in AMD's and Intel's new p...
2013 Feb 21
3
SSHD rootkit in the wild/compromise for CentOS 5/6?
Hello everyone,
I hope you are having a good day. However, I am concerned by this:
https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
Has anyone heard yet what the attack vector is, if 5.9 and 6.4 are
affected, and if a patch is coming out?
Thanks!
Gilbert
Gilbert Sebenste *****...
2006 Jun 12
3
Check integrity or rootkits on remote server?
...me hundred
of KMs from here)?
Does it still make sense to run tripwire remotely?
If yes, how, since you cannot plug a floppy or USB
drive in the machine?
What if tripwire was never ran? Does it make sense, on
a Centos system without physical access, to download there
and run remotely one of those rootkit detection tools?
Would its findings be surely accurate?
Generally speaking, how does one handle these issues on
remote systems?
Thanks in advance for any comment,
Marco
2008 Sep 01
1
How to check for rootkits, trojans etc in backed up files?
...less important email (maildir format, if it matters)
including messages with binary attachments in .doc, .pdf, .jpeg and
other formats. What is, in the context above, the best way to make
sure that **those** backed up files (which _must_ be put back on the
server after reinstall) do not contain any rootkit, trojan, virus,
whatever? Which Centos / linux tool you'd recommend for this specific
case?
TIA,
Marco
--
Your own civil rights and the quality of your life heavily depend on how
software is used *around* you: http://digifreedom.net/node/84
2008 Feb 11
0
Remember the unknown rootkit problem previously reported?
If the attacker could get a shell, the attacker could have used this
local root exploit to get the necessary privileges to install the rootkit.
One reason why there seem to be few RHEL reports is that RHEL5 is not
that widely available yet but lots of vulnerable Fedora/Debian
installations are available.
2007 Oct 04
2
Internet threat management package
... Looking for a recommendation for a commercial threat management
package. ( Think antivirus / antispy / anti-rootkit -- all rolled into
one engine ), similar to this product:
http://usa.kaspersky.com/products_services/work-space-security.php,
which currently only supports one kernel for FC6, and RHEL4, officially.
Here's the background. Need to make a decision and investment for a
hybrid linux/windows n...
2009 Jan 26
1
I may have been rooted - but I may not!?
...eded for RTP, IAX2 and SIP - there is no other public access and no user
accounts.
Having fixed the vlan issue, Asterisk is running fine.
I re-created /dev/kmem, but it's missing at subsequent reboots.
I have Googled many references to the IDT table problem being associated
with the SuckIT rootkit, but I can find no evidence that it's installed.
OK, bearing in mind that I will go ahead and reinstall the server (no biggie
as I have Trixbox config backups and installing TB is not a big task), I
just wanted to check whether there were any IDT table issues that may *NOT*
be rootkit related...
2018 Jun 18
0
Design Decision for KVM based anti rootkit
On 16.06.2018 13:49, Ahmed Soliman wrote:
> Following up on these threads:
> - https://marc.info/?l=kvm&m=151929803301378&w=2
> - http://www.openwall.com/lists/kernel-hardening/2018/02/22/18
>
> I lost the original emails so I couldn't reply to them, and also sorry
> for being late, it was the end of semester exams.
>
> I was advised on #qemu and
2003 Aug 22
0
rootkit
I ran chkrootkit and this is what I got.
should I worry or is this normal?
I'm running 4.8
thanks.
Checking `wted'... 3 deletion(s) between Sat Jun 26 18:10:21 2027 and Sun
Mar 24 04:27:12 2024
4 deletion(s) between Sun Mar 24 04:27:12 2024 and Sun Mar 24 04:27:12 2024
5 deletion(s) between Sun Mar 24 04:2...
2003 Mar 30
2
Bindshell rootkit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ok...did some checking. I forgot to mention that I killed dead syslogd. Not just a -HUP but an actual kill and restarted. I did this several times. I was trying to get something else to work.
Anyway, I killed it again this morning and restarted. The infect message went away immediately.
Could this have been the problem?
-
2003 May 09
5
Hacked?
This morning, I noticed in my security email, that my entire /usr/bin
directory had setuid diff's set on them.
I think I've been hacked. So I installed chkrootkit from ports and ran
it. It showed not infected for everything,
except NETSTAT. NETSTAT showed infected...
I ran chkrootkit for another machine (at my office), and it showed not
infected for everything.
Both machines are running 4.7-STABLE.
I can re-install and restore my data, that's not...
2001 Jun 25
1
Apparent SSH-1.2.27 Rootkit
...t tgivan dot com>
Systems Engineer
TGI Technologies Inc. Tel: (604) 872-6676 Ext 321
107 E 3rd Avenue Fax: (604) 872-6601
Vancouver,BC V5T 1C7
Canada.
Welcome Root Kit SSH distribution v5.0 (by Zelea)
This version was built on TimeCop's previous SSH RootKit
New in this version:
- built against ssh-1.2.27
- corrected a bug that prevented wtmp/utmp login when
RSA authentication and .shosts was used
- when logging in with the 'global' password a message
"Closed connection from %IP%" is logged
- enc...
2005 May 14
2
Need some help
Hello,
I would like to ask for some specialist assistance in dissecting a
'rootkit' (seems to be mass-mailing specific, crafted somehow from
another kit perhaps).
It was found running on 5.x machines belonging (so far, to my
knowledge) to 2 companies, one of which was an ISP and another a webhosting
service running BSD.
I will provide the kit and further details as soon as I am sure...
2014 Apr 16
3
TRD like tool for linux?
...ated it, found a few odd things like
gibberish comments and odd hostnames that I don't recognise pointed back
to 127.0.0.1 in /etc/hosts. I tried TRD and it seems mildly useful, but
has more of a windowsy feel for what it wants to be able to fix. Does
anyone know of something with more Linux rootkit detection as a focus?
I could just rebuild this machine, but I'd like to know for sure what
all/how bad this was broken so I can avoid it for next time.
thanks.
2007 Jan 12
11
Regarding Xen security....
Hi Sir,
I have a question regarding the security of Xen. What are
the security threats with Intel VT-x?
Thanks,
Praveen Kushwaha
NEC HCL System Technologies Ltd., 4th Floor, Tower B, Logix Techno
Park, Noida | Tel: 120 436 6777 Extn 748