Full Disclosure mailing list archives
Re: Removing ShKit Root Kit
From: Brian Eckman <eckman () umn edu>
Date: Mon, 22 Dec 2003 14:12:53 -0600
Schmehl, Paul L wrote:
<snip>
> This advice is common, and it's always mystified me. Why would you want backups of the "data"? If the box is compromised, you can't trust *anything* on it, can you? How can you know for certain that "data" isn't a cleverly concealed backdoor?
Hmmm. Well, if the execute bit isn't set, then I'd assume it can be considered relatively safe. If the attacker can later find a way to chmod it and then execute it with the privileges needed to make it harmful, then I imagine that they could find other ways of compromising your machine as well.
For Windows, if it's a backdoor that is named something.txt, well, again, the attacker would have to find a way to rename that file and execute it with appropriate permissions. Again, I imagine that if they can do that, that they could find other ways of compromising your machine as well.
<snip>
Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
"There are 10 types of people in this world. Those who understand binary and those who don't."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
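An added example, not part of the original message: one way to audit a restored "data" tree for the two properties the exchange above turns on, mode bits that allow execution and content that is executable whatever the file is called. The function names, the magic-byte list and the sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Leading bytes of content a loader or interpreter will run, whatever the file is named.
MAGIC = {b"\x7fELF": "ELF binary", b"MZ": "DOS/PE executable", b"#!": "interpreter script"}

def classify(path):
    """Return the reasons a file restored as 'data' deserves a closer look."""
    reasons = []
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return reasons  # symlinks, devices and directories are out of scope here
    if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        reasons.append("execute bit set")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        reasons.append("setuid/setgid bit set")
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            reasons.append(label + " content")
    return reasons

def audit(root):
    """Walk a restored tree and map relative path -> list of findings."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def build_sample(root):
    """Constructed sample tree standing in for a restored data backup."""
    samples = {"notes.txt": b"meeting at 10\n", "report.txt": b"MZ\x90\x00constructed",
               "cache.dat": b"\x7fELF\x02constructed", "cleanup": b"#!/bin/sh\necho hi\n"}
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
        os.chmod(os.path.join(root, name), 0o644)
    os.chmod(os.path.join(root, "cleanup"), 0o755)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

In the sample, `report.txt` and `cache.dat` carry mode 0644 and are still reported, because the check reads their leading bytes rather than relying on the name or mode alone.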