So _that's_ what happened! Sneaky, sneaky... Thanks, Fooler. :) On Thu, Apr 30, 2009 at 6:07 AM, fooler mail <[email protected]> wrote:
> On Wed, Apr 29, 2009 at 10:18 PM, Cupid Soriano <[email protected]> > wrote: > > Thanks in advance for the effort, fooler. Here you go: > > # strace mkdir 123 > > umask(0) = 022 > > umask(022) = 0 > > mkdir("123", 0777) = -1 ENOENT (No such file or directory) > > stat64("123", 0xbfef3800) = -1 ENOENT (No such file or directory) > > your box infected by one of the variants of LKM rootkit... the link > below will give you an idea... > > http://forums.techwatch.com.au/viewtopic.php?f=22&t=5823 > > there are other variants as stealthy as possible... they wont give you > an error if you mkdir <numeric name>... > > fooler. > + there are no such thing as 100% bullet proof security system... only > layers of defense... > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- It's not what's inside that matters. It's what you do that defines you. Do Good. Do It Well. (TM)
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
