Mon Feb 7 10:29:41 EST 2005
binaries, and not the kernel itself. So, one could "cat" through
/proc instead of using `ps', for looking for errant processes. Also,
one could use the emacs directory editor to look for files. It's
curious that "find" and "echo" aren't whacked (echo * makes for a
jiffy ls, especially if your PATH is hosed, or worse, your /bin).
I suppose rootkik could be smart at whack libc though.
>>>>> "Michael" == Rosberg, Michael <m.rosberg at telesat.ca> writes:
Michael> chfn Trojaned! User->r00t
Michael> chsh Trojaned! User->r00t
Michael> inetd Trojaned! Remote access
Michael> login Trojaned! Remote access
Michael> ls Trojaned! Hide files
Michael> du Trojaned! Hide files
Michael> ifconfig Trojaned! Hide sniffing
Michael> netstat Trojaned! Hide connections
Michael> passwd Trojaned! User->r00t
Michael> ps Trojaned! Hide processes
Michael> top Trojaned! Hide processes
Michael> rshd Trojaned! Remote access
Michael> syslogd Trojaned! Hide logs
Michael> linsniffer Packet sniffer!
Michael> fix File fixer!
Michael> z2 Zap2 utmp/wtmp/lastlog eraser!
Michael> wted wtmp/utmp editor!
Michael> lled lastlog editor!
Michael> bindshell port/shell type daemon!
Michael> tcpd Trojaned! Hide connections, avoid denies
__@ Greg Franks <| _~@ __O
_`\<,_ Ottawa, Ontario, Canada |O\ -^\<;^\<,
(*)/ (*) (*)--(*)%---/(*)
"Where do you want to go today?" Outside.
More information about the OCLUG