[ale] New Linux Rootkit

Jay Lozier jslozier at gmail.com
Tue Nov 20 17:17:17 EST 2012


On 11/20/2012 04:53 PM, Scott Plante wrote:
> Well, for one thing, it adds a line to /etc/rc.local. So you could 
> take a look at that and see if there's anything out of place.
> Scott
> ------------------------------------------------------------------------
> Jay Lozier asked:
>
> Quick question - how does determine if the rootkit is running?
>
Looking at /etc/rc.local the only executable line is exit 0 and the 
comments state the by default it does nothing.

-- 
Jay Lozier
jslozier at gmail.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20121120/0a147e86/attachment.html>


More information about the Ale mailing list