[olug] Security breach?
aric at omahax.com
aric at omahax.com
Wed Jun 6 20:10:05 UTC 2012
Is there something that does a hash compare of all the binaries, installed
packages, etc. and can be ran from removable, bootable media?
> Given that your computer is compromised, reinstall. You don't know
> what binaries have been replaced, rootkit-style. Sure you can do
> something along the lines of "md5sum `which md5sum`, although if I
> were to write a rootkit, that's one of the things I would patch to
> avoid my own binaries.
>
> On Tue, Jun 5, 2012 at 4:20 PM, <aric at omahax.com> wrote:
>> I would be surprised if you or your system was the cause. I recommend
>> looking at the email message headers to see where it came from. You
>> also
>> may want to sniff your network to see if you are sending stuff out or
>> scanning for port 25 connections.
>>
>>> I'm running MandrivaLinux x64 2011 (KDE4) updated behind a commercial
>>> Trendnet
>>> router.
>>>
>>> I notice I've begun receiving spam emails supposedly from people in my
>>> address
>>> book (thunderbird). When I run 'top' I don't find any obvious intruder
>>> files. Having received three of these now, all from different
>>> addresses
>>> and
>>> people, I suspect my computer is compromised.
>>>
>>> This prompted me to check my security settings. Turns out I had left
>>> the
>>> firewall down from my last full re-install a couple of weeks ago. It's
>>> back up.
>>>
>>> Any suggestions for ridding a Linux system of malware?
>>>
>>> Jack
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>>
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
More information about the OLUG
mailing list