[ale] New Linux Rootkit
Erik Mathis
erik at mathists.com
Tue Nov 20 18:14:21 EST 2012
Check out rkhunter
On Tue, Nov 20, 2012 at 3:11 PM, Jay Lozier <jslozier at gmail.com> wrote:
> On 11/20/2012 02:18 PM, David Tomaschik wrote:
>
> Looks like it's targeting 64-bit Debian:
> https://threatpost.com/en_us/blogs/new-linux-rootkit-emerges-112012
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>
> Quick question - how does determine if the rootkit is running? I tried ps -u
> foo and did not see any listings for its processes. Also, the article was
> some what confusing about who is at risk. The kernel mentioned is used by
> Debian but it is an older version (2 something) not a 3 series and it is not
> clear to me if that is important.
>
> I am using Mint 13 64 bit
>
> --
> Jay Lozier
> jslozier at gmail.com
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
More information about the Ale
mailing list