[ale] New Linux Rootkit
Jay Lozier
jslozier at gmail.com
Tue Nov 20 15:11:06 EST 2012
On 11/20/2012 02:18 PM, David Tomaschik wrote:
> Looks like it's targeting 64-bit Debian:
> https://threatpost.com/en_us/blogs/new-linux-rootkit-emerges-112012
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com <mailto:david at systemoverlord.com>
Quick question - how does determine if the rootkit is running? I tried
ps -u foo and did not see any listings for its processes. Also, the
article was some what confusing about who is at risk. The kernel
mentioned is used by Debian but it is an older version (2 something) not
a 3 series and it is not clear to me if that is important.
I am using Mint 13 64 bit
--
Jay Lozier
jslozier at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20121120/d21237f0/attachment.html>
More information about the Ale
mailing list