On Sep 11, 2013, at 18:48, E Frank Ball III <frankb@efball.com> wrote:
What you describe is exactly what was reported to full-disclosure here: They also say this escalates into a kernel module and you know the deal. Can't trust the machine, and unless you have the resources to spare, why bother looking for the rootkit? Like someone else already said, wipe it clean, even the BIOS, and when you install the OS use something like tripwire/aide to keep a known good state of the system in some other location. The idea being that you could detect what changed if it were to happen again.
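The known-good-state idea from the message above, as an added sketch that is not part of the original post and is not how tripwire or AIDE are implemented: hash a tree, store the baseline in a separate location, and report what was added, removed or changed. All function names and the sample tree built in `demo()` are constructed for illustration.

```python
import hashlib, json, os, stat, tempfile

def snapshot(root):
    """Return {relative path: [sha256, permission bits, size]} for regular files."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            state[rel] = [digest, stat.S_IMODE(st.st_mode), st.st_size]
    return state

def save_baseline(root, baseline_path):
    with open(baseline_path, "w") as f:
        json.dump(snapshot(root), f, sort_keys=True)

def compare(root, baseline_path):
    with open(baseline_path) as f:
        old = json.load(f)
    new = snapshot(root)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def write(root, rel, data, mode=0o644):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, mode)

def demo():
    # Constructed tree; "offhost" stands in for storage the monitored machine cannot write to.
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as offhost:
        write(root, "bin/ps", b"original ps", 0o755)
        write(root, "bin/ls", b"original ls", 0o755)
        write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        baseline = os.path.join(offhost, "baseline.json")
        save_baseline(root, baseline)
        write(root, "bin/ps", b"replaced ps", 0o755)    # same size, new content
        os.chmod(os.path.join(root, "bin/ls"), 0o777)   # permissions only
        write(root, "lib/modules/new.ko", b"\x7fELF")   # new file
        os.remove(os.path.join(root, "etc/hosts"))
        return compare(root, baseline)
```

A comparison run on the suspect system itself relies on that system's kernel to report file contents, so the check is only as trustworthy as the environment it runs in; booting from known-good media to run it avoids that dependency.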