Full Disclosure mailing list archives
Re: Removing ShKit Root Kit
From: Brian Eckman <eckman () umn edu>
Date: Tue, 23 Dec 2003 13:49:44 -0600
Jason wrote:
OK, so how does the attacker get the ADS to run? If you open something.txt in notepad, it doesn't launch the ADS 'trouble.exe' as an executable file. It's ignored.The easy answer is start a command prompt and type start something.txt:trouble.exe
You totally missed my point. If the hacker can run "start" anything on your system, it's game over anyway.
-- Brian Eckman Security Analyst OIT Security and Assurance University of Minnesota "There are 10 types of people in this world. Those who understand binary and those who don't." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Removing ShKit Root Kit, (continued)
- Re: Removing ShKit Root Kit Larry W. Cashdollar (Dec 22)
- Re: Removing ShKit Root Kit Brian Eckman (Dec 22)
- Re: Removing ShKit Root Kit Gregory A. Gilliss (Dec 22)
- Re: Removing ShKit Root Kit Ron DuFresne (Dec 22)
- Re: Removing ShKit Root Kit Paul J. Morris (Dec 22)
- RE: Removing ShKit Root Kit Nick FitzGerald (Dec 22)
- Re: Removing ShKit Root Kit Alexander Schreiber (Dec 22)
- Re: Removing ShKit Root Kit Jason (Dec 22)
- Re: Removing ShKit Root Kit Cael Abal (Dec 23)
- Re: Removing ShKit Root Kit Brian Eckman (Dec 23)
- Re: Removing ShKit Root Kit Gregory A. Gilliss (Dec 23)
- Re: Removing ShKit Root Kit Jason (Dec 23)