AW: nouser - rootkit ?
From: vogt@hansenet.com Date: 03/12/02
- Previous message: Bruce Ediger: "Re: nouser - rootkit ?"
- Next in thread: Rob McCauley: "Re: AW: nouser - rootkit ?"
- Reply: Rob McCauley: "Re: AW: nouser - rootkit ?"
From: vogt@hansenet.com
To: kr@roqe.org, incidents@securityfocus.com
Date: Tue, 12 Mar 2002 10:21:27 +0100

> I am just curious about the "red herring"-part of the story and the
> term "real rootkit"...
>
> I wonder if there are really attackers out there installing
> bogus-rootkits in order to protect the real ones. Has anybody on this list
> detected such kind of "feints"?

Not directly, but I have found multiple rootkits installed on a compromised
server late last year. I can think of a number of reasons why the attacker
would want to install more than one, but staying in control even if one is
discovered is surely a plausible option.

On the other hand, this strikes me as a very dumb move. If the sysadmin is
bright enough to find the rootkit, I sure do hope that he also realizes that
the only way to a clean system is through a full reinstall.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com