As much as I distrust them, I would contact the FBI about that. There is
a very good chance that the system they tried to pull the rootkit from
had already been compromised, and the person responsible for that system
is completely unaware of the problem. If you sic the lawyers on them
first, they may be less likely to cooperate in trying to track the real
perpetrator down. The FBI can at least coerce cooperation and track the
person back to the originating machine. 

Just my $0.001,
Kenny

John Abreau wrote:
> Somebody did this to one of our nameservers at work last week. The server
> hadn't yet been upgraded at the time, so they were able to install a
> script in /var/named that then pulled over a rootkit into /tmp.
> Fortunately, I had all our nameservers running named as an unprivileged
> user, so they were unable to actually install the rootkit, and their
> script died before deleting itself.
> 
> The script rcp'ed the rootkit from an IP address and user account, which I
> passed on to my boss with the suggestion that he track this guy down and
> sic our lawyers on him.
> 
> --
> John Abreau / Executive Director, Boston Linux & Unix
> ICQ#28611923 / AIM abreauj / Email [EMAIL PROTECTED]
> 
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
