[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian7 compromised (rk)



On Fri, Jul 12, 2013 at 7:04 PM, Security <sec@fuckaround.org> wrote:
Hi all
 
snip...

Today I done a backup of this script that contains a huge list of server
compromised. Later I re-install whole system.

Can be usuful send this rk?

If the regular tools do not find it, file bugs against them (or even file them upstream to reduce turn around time).  Additionally, you could upload all suspect files to virustotal - where they are handed off to all the major AV vendors (mostly useful for mail gateways and that other wormy OS).

HTH, cheers,

Scott. 

E.g.:
supaplex@tv:~$ apt-cache search rootkit
chkrootkit - rootkit detector
rkhunter - rootkit, backdoor, sniffer and exploit scanner
unhide - Forensic tool to find hidden processes and ports
unhide.rb - Forensic tool to find processes hidden by rootkits


Reply to: