
Re: Possible LKM Trojan installed



On Saturday 25 August 2007 00:43, Jude DaShiell wrote:
> Very easily.  The very first thing the trojan did after installing itself
> was to call home.  Home has the address of the trojaned machine.  Home can
> then check up on its trojan and maintain it and activate it or repair it
> as necessary.

Please don't top-post.

You will recall that block zero has been wiped, new partition tables
have been installed, and new filesystems created.  At worst inactive
copies of one or more malwares lie in unused portions of the drives
where nothing in Debian will voluntarily or accidentally activate it.

How can "home" check up on its trojan, maintain it, activate it or
repair it without the non-existent cooperation of the target system?

Your argument seems to be that if I have a dead burglar robot in my house,
the dead burglar robot's owner can call up the dead burglar robot and
instruct the dead burglar robot to unlock a door of my house so that the
dead burglar robot's owner can enter and repair the dead burglar robot.

--Mike Bird


