
OT: any one know about ZK bootkit?




Julie, a rootkit generally contains many methods for attempting to harvest
system passwords - these range from ethernet sniffers to trojan password /
login replacements.

If you have a system that has a rootkit installed, then you need to take 
immediate steps to secure the system.  Immediately remove it from the net 
- as many rootkits also include backdoor access for the hacker that 
dropped it in - back up any pertinent data (do not backup binaries or 
shell scripts that may have been modified!) and reinstall the machine from 
scratch.  Before putting the machine back on the wire, install all 
applicable vendor patches, otherwise the hacker will drop in using the same 
vulnerability before you can say "bob's your uncle."

The issue does not stop there though - if there are any other systems that 
are accessed from the compromised system or are on the same network 
segment, then there is a very good chance that passwords may have been 
harvested, and/or those machines compromised as well. 

It is recommended that any passwords on these systems be changed and a 
thorough audit be conducted on these systems to determine if they have 
been compromised as well.

Drew

On Fri, 23 Jan 2004, Julie Macfarlane wrote:

> Sorry about the OT, but I was hacked last night....
> The Linux box crashed and I found this on my system. It failed and crashed 
> all the main systems in the box, but left all the logs  :)
> 
> What is it supposed to do?
> 
> 
> 
> Julie Macfarlane
> 1981 MKI 2L 16v
> Amsterdam NY
> 
> 
> 
> _______________________________________________
> Scirocco-l mailing list
> Scirocco-l@scirocco.org
> http://neubayern.net/mailman/listinfo/scirocco-l
> 

-- 
/=============================================\
|  84 Wolfsburg Edition TurboDiesel Scirocco  |
|    http://scirocco.cs.uoguelph.ca/gtd       |
\=============================================/
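The advice above to back up data but not binaries or shell scripts can be turned into a small staging step. The script below is an added example, not code from Drew, Julie or the Scirocco list: it walks a directory tree, skips anything whose first bytes are the ELF magic or a "#!" shebang (the kinds of file a rootkit replaces), copies everything else into a staging directory, and writes a cksum manifest for the later audit. The function names (is_suspect_code, stage_data_backup, build_sample_tree) and the sample tree it builds are constructed for the example; the magic-number check is only a heuristic, so a modified config or data file still gets copied, and the reinstall from scratch is not optional.

```shell
#!/bin/sh
# Added example (not from the thread): stage a data-only backup from a host
# suspected of carrying a rootkit. Files that look like code (ELF objects or
# shebang scripts) are skipped, because those are what a rootkit replaces;
# everything else is copied and recorded in a checksum manifest for later audit.
# Hypothetical names: is_suspect_code, stage_data_backup, build_sample_tree.

# Return 0 if the file starts with the ELF magic (7f 45 4c 46) or a "#!" shebang.
# Heuristic only: a trojaned config or data file would not be caught here.
is_suspect_code() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) return 0 ;;   # ELF executable / shared object
        2321*)    return 0 ;;   # "#!" script (sh, perl, ...)
    esac
    return 1
}

# stage_data_backup SRC DST: copy non-code regular files from SRC into DST,
# preserving relative paths, and append a cksum line for each copied file to
# DST/MANIFEST.cksum. Skipped files are reported on stderr.
stage_data_backup() {
    src=${1%/}; dst=$2
    mkdir -p "$dst"
    : > "$dst/MANIFEST.cksum"
    find "$src" -type f | while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_suspect_code "$f"; then
            printf 'skip (code, may be trojaned): %s\n' "$rel" >&2
        else
            mkdir -p "$dst/$(dirname "$rel")"
            cp -p "$f" "$dst/$rel"
            cksum "$dst/$rel" >> "$dst/MANIFEST.cksum"
        fi
    done
}

# build_sample_tree DIR: constructed stand-in for a compromised filesystem.
build_sample_tree() {
    mkdir -p "$1/bin" "$1/etc" "$1/home/julie"
    printf '\177ELF\002\001\001 fake trojaned ls\n' > "$1/bin/ls"    # ELF magic
    printf '#!/bin/sh\necho replaced startup\n' > "$1/etc/rc.local"  # shebang
    printf '127.0.0.1 localhost\n' > "$1/etc/hosts"                  # plain data
    printf 'customer contact list\n' > "$1/home/julie/notes.txt"     # plain data
}

# Demo when run directly: sh stage_backup.sh --demo
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    build_sample_tree "$work/src"
    stage_data_backup "$work/src" "$work/stage"
    echo "staged files:"; find "$work/stage" -type f
fi
```

Run it from a rescue environment or after mounting the suspect disk read-only on a clean machine, never from the compromised system's own shell, since the tools used (find, cp, od) may themselves have been replaced. The manifest gives the audit a record of exactly what was carried over.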