rootkit?

Scot L. Harris webid at cfl.rr.com
Sun Dec 11 06:16:50 UTC 2005


On Sun, 2005-12-11 at 00:59, Kam Leo wrote:

> 
> Isn't rebuilding a little extreme?  If the cracker got into an
> unpriviledged user's account and no further isn't that particular user
> account the only thing at risk?  Shouldn't changing all passwords to
> strong ones and deleting the infected user account and files be
> sufficient?

How can you be sure they did not crack the root account and bury code on
the system to maintain control?  Or crack other user accounts?

If you take half measures and the system is compromised again you may
not know how or when it happened.  And if the cracker gets pissed that
you deleted his spam software he might use your system for other
purposes or cause other damage before you can get it cleaned out.

Hopefully his son learned from this why strong passwords are needed.





More information about the users mailing list