Re: Am I infected with a rootkit?
On 2023-04-16 14:19, I wrote:
...
And there in the bash history were 4 lines that I had not written :-(
To summarize:
* Greg has convincingly argued that there is no way for the running
shell to get those lines into its history, other than by issuing them
over the ssh connection.
* We can therefore assume that the problem originated at the Windows
machine (the ssh client).
* It seems that an intruder has had control over the Windows machine,
including the ssh session, and thus, at least in principle, could have
done harm also to the Linux machine.
* There is, however, no sign of an infection of the Linux machine. And
the 4 lines do not suggest that whoever issued them knows what he's doing.
* So I am going to assume that the Linux machine is ok.
* The Windows machine could be infected with something that allows
remote control.
* So I should probably reinstall the Windows machine from scratch - or
perhaps restore a really old backup (I have one from July 2022, one from
2020, and one taken shortly after the original install in 2016).
Many thanks to everybody who answered!
Jesper
--
Jesper Dybdal
https://www.dybdal.dk