
Re: how to fix rootkit?



On Wed, 2012-02-08 at 18:16 -0600, Mike Mestnik wrote:
> On 02/08/12 18:07, Russell Coker wrote:
> > On Thu, 9 Feb 2012, Stephen Hemminger <shemminger@vyatta.com> wrote:
> >> The advice I heard is trust nothing (even reflash the BIOS).
> > Do you know of any real-world exploits that involve replacing the BIOS?  It's 
> > been theoretically possible for a long time but I haven't seen any references 
> > to it being done.
> Exploits that are theoretically possible are implemented by private 3rd
> parties (and Hackers!).
> 
> I've a small collection of utilities I know that I'm the only one who
> has a copy of, though other tools that work the same way more than likely
> exist.
> > Also one thing to keep in mind is the apparent competence of the attackers.  
> > If they didn't bother changing debsums then it's unlikely that they did any of 
> > the other tricky things which have been discussed (such as trojaning the 
> > kernel).
> >
> A RedHat expert can alter a running Debian kernel, but might miss debsum.
> 
> 

Out of curiosity, couldn't one technically boot up a live CD, mount the
drive(s) and then download the .debs individually, then extract them
over the mounted partitions, effectively copying over all of the
binaries?  (Yeah, it'd be a nightmare, and quite frankly would be
easier / faster to just re-install with the exported package list.  Not
to mention I'd trust it more just to re-install.)


