>On Sun, 14 Mar 2010 20:54:28 +0530
>Raj Mathur wrote:
>
> Great, on sending this mail I get this message back from a mail
> server:
>
> Microsoft Forefront Security for Exchange Server has detected a virus.
> Virus name: "Mal/Iframe-I"
> File name: "Body of Message"
> Stat
>On Sun, 14 Mar 2010 18:34:39 +0530
>Raj Mathur wrote:
>
> Anything that looks odd, actually. It's difficult to generalise, but
> usually file names starting with . or space, file/directory names
> containing spaces, executable files are things I would look for.
>
OK sir-ji !
>
> No, the f
On Sunday 14 Mar 2010, Raj Mathur wrote:
> On the other hand, someone may be familiar with this specific trojan
> and be able to give advice much more relevant than my general
> observations.
Great, on sending this mail I get this message back from a mail
server:
Microsoft Forefront Secur
On Sunday 14 Mar 2010, newlx...@yahoo.co.uk wrote:
> >On Sun, 14 Mar 2010 10:18:04 +0530
> >
> >Raj Mathur wrote:
> > > 1) How can we detect that someone has intruded / hacked our Linux box?
> > > 2) Which commands to use for such detection?
> >
> > Apart from the standard places to look (/tmp,
On Sun, Mar 14, 2010 at 6:16 AM, Pats wrote:
>
> 1) How can we detect that someone has intruded / hacked our Linux box?
Audit file signatures using aide or tripwire. It is important to
keep a 'read only' copy of the initial signatures offline and *not* on
the system itself for the cracker to h
>On Sun, 14 Mar 2010 10:18:04 +0530
>Raj Mathur wrote:
> > 1) How can we detect that someone has intruded / hacked our Linux box?
> > 2) Which commands to use for such detection?
>
> Apart from the standard places to look (/tmp, /var/tmp, all HTTP domain
> directories)
>
What signs / o/puts
On Sunday 14 Mar 2010, Pats wrote:
> 1) How can we detect that someone has intruded / hacked our Linux box?
> 2) Which commands to use for such detection?
Apart from the standard places to look (/tmp, /var/tmp, all HTTP domain
directories) you can use a tool called rkhunter (RootKit Hunter) to