Happy New Rootkit
I'm back from holidays, and had intended to write about all the interesting diving I had managed to get done.
Unfortunately, the machine of one of our clients was compromised this afternoon, so instead I'm currently in the process of cleaning things up. I know how the attackers got in, and I have clean backups that verify without an issue. The main thing now is gaining physical access to the machine and the dull dull task of cleaning the disks and initiating a restore. There's reason to believe that the kernel has been modified by a direct write to /dev/kmem, so nothing the machine tells me can possibly be trusted.
This particular compromise falls into the "What? I didn't know we had that installed (outside of the packaging system)" category.
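The "installed outside the packaging system" category is something you can check for mechanically once the disk is mounted on a trusted host, which is also the only sensible place to do it when the running kernel is suspect. The script below is an added example, not code from the original post: it reads the dpkg `.list` files from a mounted suspect root, walks the usual binary and library directories, and reports every file that no package claims. The sample tree it builds in a temporary directory is constructed for the demonstration; the paths it scans and the `/.list` parsing assume a Debian-style layout.

```python
import os
import tempfile
from pathlib import Path

# Directories that normally hold executables and libraries on a Debian-style
# system; scan these first, since that is where unmanaged software tends to land.
DEFAULT_SCAN_DIRS = [
    "bin", "sbin", "lib",
    "usr/bin", "usr/sbin", "usr/lib",
    "usr/local/bin", "usr/local/sbin",
]


def load_dpkg_manifest(dpkg_info_dir):
    """Return the set of absolute paths that dpkg believes it installed.

    Each <package>.list under var/lib/dpkg/info lists one installed path per
    line. The database is read from the mounted suspect disk, so treat it as
    evidence rather than truth: an attacker with root could have edited it too.
    """
    owned = set()
    for listfile in Path(dpkg_info_dir).glob("*.list"):
        for line in listfile.read_text(errors="replace").splitlines():
            line = line.strip()
            if line:
                owned.add(line)
    return owned


def find_unmanaged_files(root, owned, scan_dirs=DEFAULT_SCAN_DIRS):
    """Walk scan_dirs beneath root (the mounted suspect filesystem) and return,
    sorted, the paths (as they appear on the suspect system) that no package
    claims."""
    root = Path(root)
    unmanaged = []
    for d in scan_dirs:
        base = root / d
        if not base.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                full = Path(dirpath) / name
                suspect_path = "/" + full.relative_to(root).as_posix()
                if suspect_path not in owned:
                    unmanaged.append(suspect_path)
    return sorted(unmanaged)


def build_demo_tree():
    """Constructed sample root: two dpkg-owned binaries plus one stray helper
    in /usr/local/sbin that no package list mentions."""
    root = Path(tempfile.mkdtemp(prefix="suspect-root-"))
    (root / "var/lib/dpkg/info").mkdir(parents=True)
    (root / "usr/bin").mkdir(parents=True)
    (root / "usr/local/sbin").mkdir(parents=True)
    (root / "usr/bin/ls").write_bytes(b"\x7fELF fake")
    (root / "usr/bin/ps").write_bytes(b"\x7fELF fake")
    (root / "usr/local/sbin/httpd-helper").write_bytes(b"\x7fELF fake")  # unmanaged
    (root / "var/lib/dpkg/info/coreutils.list").write_text(
        "/.\n/usr\n/usr/bin\n/usr/bin/ls\n")
    (root / "var/lib/dpkg/info/procps.list").write_text("/usr/bin/ps\n")
    return root


def demo():
    """Run the check against the constructed tree and return the findings."""
    root = build_demo_tree()
    owned = load_dpkg_manifest(root / "var/lib/dpkg/info")
    return find_unmanaged_files(root, owned)


if __name__ == "__main__":
    for path in demo():
        print("unmanaged:", path)
```

Against a real disk, mount it read-only from live media and point `load_dpkg_manifest` at `<mount>/var/lib/dpkg/info` and `find_unmanaged_files` at `<mount>`. A clean result here does not clear the kernel or the package database itself; it only tells you which files the packaging system never heard of, which is exactly the list to compare against a known-good backup before deciding what to keep.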
This site is ad-free, and all text, style, and code may be re-used under a Creative Commons Attribution 3.0 license. If you like what I do, please consider supporting me on Patreon, or donating via Bitcoin (1P9iGHMiQwRrnZuA6USp5PNSuJrEcH411f).