> > There's a small risk that you have the 't0rnkit' rootkit
> > installetd on your RaQ4. You can read more about this at CERT:
> s:/small/HUGE
>
> Please see [..]
> http://www.mail-archive.com/[email protected]/msg09076.html
>
> Note the line:
> "You will probably also find the fake SSH running as nscd (/usr/sbin/nscd or
> similar)."
>
> Your host has definitely been compromised.
The post says that IF you have the t0rn rootkit on your computer, you will
PROBABLY find ssh running as nscd. But if you find ssh running as nscd, how
high is the risk that you have the t0rn rootkit? The post doesn't say!
It may be as you say, that the risk is HUGE, but you have presented no evidence
to support this claim. It is certainly true though, that the host has most
likely been compromised.
My apologies to those who think that this is a minor matter.
Sincerely,
Ake Brannstrom
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
