rootkit?
Scot L. Harris
webid at cfl.rr.com
Sun Dec 11 05:51:22 UTC 2005
On Sun, 2005-12-11 at 00:45, Gene Heskett wrote:
> On Sunday 11 December 2005 00:35, Craig White wrote:
> >On Sun, 2005-12-11 at 00:31 -0500, Gene Heskett wrote:
> I forgot to mention that all the unpacked files are in his sons name,
> an unpriviledged user, but with a very weak password. So we think it
> came in and was running as this user. His son, taking comp sci
> courses as a junior in college now, simply would never have done this,
> its just not his style. All he ever uses is email & a web browser.
Sounds like a guessed password then. Regardless, the best thing to do
is to rebuild from scratch and then set strong passwords on all
accounts. That is the only way to be sure the system is really back
under your control.
More information about the users
mailing list