Thread: rootkit infected (Linux Forums > GNU Linux Zone > Linux Security)
04-20-2005, #11 | Linux Enthusiast | Join Date: Mar 2005 | Location: Republic of Texas | Posts: 732
Can't take it offline? Very irresponsible.

There are no guarantees that your system is clean, even after running packaged programs that supposedly clean your PC.

As Flatline already stated earlier in this thread, the ONLY way you will know you have a clean installation is to repartition, reformat, and reinstall the system. Period. To do anything else is just plain, well, for lack of a better word, stupid.
__________________
Registered Linux user #384279
Posted by retired1af
04-20-2005, #12 | Just Joined! | Join Date: Feb 2004 | Location: Indonesia | Posts: 84
Take it easy, retired1af. This server I manage is running some small web hosting;
of course I can't take it offline for a while (I'd get more angry customers).

But I found that the SuckIT rootkit binary on mine is under
/usr/X11R6/bin/.httpd/

I found it after doing
#locate sniffer
/usr/X11R6/bin/.httpd/.sniffer

You may try this link I found: http://hepwww.rl.ac.uk/sysman/april2...dentReport.ppt
Since Google is very kind, you may try this HTML page:
http://64.233.183.104/search?q=cache...ient=firefox-a
or just type "remove suckit rootkit" in the query.

Thanks for your support.
Posted by kamtono
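The hidden /usr/X11R6/bin/.httpd/ directory above is typical of where a kit stashes its files. As an added example (not from the thread or from any of the tools mentioned), this POSIX sh helper lists dotted entries sitting directly inside executable directories under a given root, so it can be run against a disk mounted from clean media; the directory list is an assumption:

```sh
#!/bin/sh
# Added triage helper, not from the thread: list hidden entries (names that
# start with ".") sitting directly inside executable directories under a
# given root. Packaged binaries never live in dotted directories there, so
# each hit, like /usr/X11R6/bin/.httpd above, is worth a manual look.
# Usage: find_hidden_in_bindirs /             (live system)
#        find_hidden_in_bindirs /mnt/victim   (disk mounted from clean media)
find_hidden_in_bindirs() {
    root="${1:-/}"
    root="${root%/}"        # "/" becomes "", so "$root/bin" is "/bin"
    # Executable directories to audit, relative to the root (assumed list).
    for d in bin sbin usr/bin usr/sbin usr/local/bin usr/local/sbin usr/X11R6/bin; do
        dir="$root/$d"
        [ -d "$dir" ] || continue
        # -mindepth 1 skips the directory itself; -maxdepth 1 lists only its
        # direct children; -name '.*' keeps the dotted ones.
        find "$dir" -mindepth 1 -maxdepth 1 -name '.*' 2>/dev/null
    done
}

# Number of hits, convenient for a cron job that mails when it is non-zero.
count_hidden_in_bindirs() {
    find_hidden_in_bindirs "$1" | wc -l | tr -d ' '
}
```

A clean result does not prove anything: as the thread says, only a reinstall does that. Treat any hit as a reason to pull the disk and rebuild.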
04-20-2005, #13 | Linux Enthusiast | Join Date: Mar 2005 | Location: Republic of Texas | Posts: 732


How do you know that the kit isn't the only thing on there? Blunt answer. You don't. Your system has been compromised. And I guarantee your customers will be far more upset and angry if they knew you were running a compromised box.
__________________
Registered Linux user #384279
Posted by retired1af
04-21-2005, #14 | Linux User | Join Date: Feb 2005 | Posts: 290
Save your time and do the 3R instead of searching around for a solution:
use a new root password after you've re-installed your system,
remember to update your system frequently with the latest patches from the distro vendor,
stop using the root account with plain-text protocols like telnet, pop3, smtp, etc.,
firewall your box properly,
and disable those unnecessary services to minimize the chances of being hacked.

Good luck.
Posted by adam7979
04-24-2005, #15 | Linux Newbie | Join Date: Nov 2004 | Posts: 239
How would you tell if you have been infected by such a rootkit?
Posted by dark_lord_kodd
05-07-2005, #16 | Linux User | Join Date: Feb 2005 | Location: London, England | Posts: 287
Quote (originally posted by dark_lord_kodd):
How would you tell if you have been infected by such a rootkit?

You can use a program called chkrootkit; you can get it here:
http://freshmeat.net/redir/chkrootki...rootkit.tar.gz

It checks your binaries for rootkit modifications
http://web01.slackhost.net/~admin74/...chkrootkit.png
and then checks for the existence of any worms or rootkits
http://web01.slackhost.net/~admin74/...hkrootkit1.png
__________________
"The search for the MOT JUSTE is not a pedantic fad but a vital necessity. Words are our precision tools. Imprecision engenders ambiguity and hours are wasted in removing verbal misunderstandings before the argument of substance can begin."

Do the things you use not respect you, the user? Then it's defective by design, so make your voice heard.
Posted by Krendoshazin
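The "checks your binaries for rootkit modifications" step only works against something you trust. As an added example (not chkrootkit's own code), this POSIX sh pair records a SHA-256 baseline of a directory while the box is known-good and later reports every binary that changed or vanished; it assumes sha256sum (coreutils) or shasum (BSD/macOS) is installed:

```sh
#!/bin/sh
# Added example, not chkrootkit's code: a minimal integrity baseline in the
# spirit of chkrootkit's binary checks. Take the baseline from a freshly
# installed system, keep it off-box, and diff the live binaries against it.
# Assumes sha256sum (coreutils) or shasum (BSD/macOS) is available.

hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# make_baseline DIR  -> prints "hash  path" lines, sorted for stable diffs.
# Usage: make_baseline /bin > /mnt/readonly/bin.sha256
make_baseline() {
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f"
    done
}

# check_baseline BASELINE_FILE -> prints each path whose hash changed or
# which is now missing; returns 1 if anything differs, 0 if all is clean.
check_baseline() {
    rc=0
    while IFS= read -r line; do
        want="${line%%  *}"     # hash is everything before the two spaces
        path="${line#*  }"      # path is everything after them
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; rc=1
        elif [ "$(hash_file "$path")" != "$want" ]; then
            echo "MODIFIED $path"; rc=1
        fi
    done < "$1"
    return $rc
}
```

Run the check from known-clean boot media with the victim disk mounted: a kit that hooks the running kernel can hand the checker the original file contents while the on-disk binary is trojaned.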
05-10-2005, #17 | Just Joined! | Join Date: May 2005 | Posts: 42
Rootkit Hunter is another good one.
http://www.rootkit.nl/projects/rootkit_hunter.htm

Detection List:

55808 Trojan - Variant A
ADM W0rm
AjaKit
aPa Kit
Apache Worm
Ambient (ark) Rootkit
Balaur Rootkit
BeastKit
beX2
BOBKit
CiNIK Worm (Slapper.B variant)
Danny-Boy's Abuse Kit
Devil RootKit
Dica
Dreams Rootkit
Duarawkz Rootkit
Flea Linux Rootkit
FreeBSD Rootkit
****`it Rootkit
GasKit
Heroin LKM
HjC Rootkit
ignoKit
ImperalsS-FBRK
Irix Rootkit
Kitko
Knark
Li0n Worm
Lockit / LJK2
mod_rootme (Apache backdoor)
MRK
Ni0 Rootkit
NSDAP (RootKit for SunOS)
Optic Kit (Tux)
Oz Rootkit
Portacelo
R3dstorm Toolkit
RH-Sharpe's rootkit
RSHA's rootkit
Scalper Worm
Shutdown
SHV4 Rootkit
SHV5 Rootkit
Sin Rootkit
Slapper
Sneakin Rootkit
Suckit
SunOS Rootkit
Superkit
TBD (Telnet BackDoor)
TeLeKiT
T0rn Rootkit
Trojanit Kit
URK (Universal RootKit)
VcKit
Volc Rootkit
X-Org SunOS Rootkit
zaRwT.KiT Rootkit

and... some known/unknown sniffers, backdoors like:
Anti Anti-sniffer
LuCe LKM
THC Backdoor
Posted by Salient
© 2000 - 2008 - All Rights Reserved - Property of  MAS Media