Re: Possible LKM Trojan installed
On Friday 24 August 2007 17:59, Jude DaShiell wrote:
> How these trojans survive is by surviving operating system reinstalls.
> The better trojans hide themselves in several out of the way places on
> disks and after adjacent areas have got their new files copy themselves
> back into the areas where no more disk wiping by the installer is about to
> happen. Trojan file names get changed too whenever this happens.
How would a trojan be activated to copy itself back if block zero was
wiped, a new partition table was installed, and new file systems
created? Yes, an image of a trojan may still exist in the unused sectors
of the first track of a partition, but how could it be activated?
--Mike Bird