Re: New rootkit targetting Debian squeeze (amd64 only)

To: debian-security@lists.debian.org
Subject: Re: New rootkit targetting Debian squeeze (amd64 only)
From: "Milan P. Stanic" <mps@arvanta.net>
Date: Thu, 22 Nov 2012 14:13:43 +0100
Message-id: <[🔎] 20121122131343.GA11927@arvanta.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 50AE0D5E.3050906@gmail.com>
References: <[🔎] 50AE0D5E.3050906@gmail.com>

On Thu, 2012-11-22 at 12:32, Laurentiu Pancescu wrote:
> http://blog.crowdstrike.com/2012/11/http-iframe-injecting-linux-rootkit.html

Nothing about infection vector, so it is non-issue, probably.

Yes, root can be faked to install it from some third party module or
even DKMS, but root shouldn't do such things without careful checking
everything about third party modules.

-- 
Kind regards,  Milan

Reply to:

Follow-Ups:
- Re: New rootkit targetting Debian squeeze (amd64 only)
  - From: Laurentiu Pancescu <lpancescu@gmail.com>

References:
- New rootkit targetting Debian squeeze (amd64 only)
  - From: Laurentiu Pancescu <lpancescu@gmail.com>

Prev by Date: New rootkit targetting Debian squeeze (amd64 only)
Next by Date: Re: New rootkit targetting Debian squeeze (amd64 only)
Previous by thread: New rootkit targetting Debian squeeze (amd64 only)
Next by thread: Re: New rootkit targetting Debian squeeze (amd64 only)
Index(es):
- Date
- Thread