at Security Focus http://www.securityfocus.com/frames/?content=/templates/forum_message.html%3fforum=2%26head=4871%26id=4871 .

This is basically an analysis of KNARK, a rather devious rootkit that is currently proliferating on the web. Many of us (including me) have probably come into contact with this (to our dismay) and not known who or what to thank for our lack of sleep. Here it is. About as safe a way to see this stuff at work as can be seen (since someone else takes all the risks - in a VERY controlled environment). Well worth the reading for insight as to what happened or what is about to come your way.

The BAD news: it is eminently untraceable and, without a lot of security and computer forensics experience, IMPOSSIBLE to track the perp. Don't try, especially if you still have the box on the web. Just take it down and wipe it and restore it. Give up.

The worse news: it takes advantage of some rather clever exploits that involve features in the Linux kernel that are difficult (if not impossible) to do without completely. It is easy to use, powerful and NASTY. Worse, it is customizable and 'skinnable,' to make it easier for them and more difficult for you.

Bottom line: Get REAL smart on security issues on all your platforms REAL QUICK!!!!!!!!!! Otherwise, find yourself a good security consultancy or partner(s). Don't guess. Don't delay. Don't assume that because you're not on Linux or Windows, you're safe. Things seem to be getting worse.

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
