Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] lkm trojan...
  • From: Christoph Wegener <cwe@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 14 Jan 2002 19:32:07 +0100
  • Message-id: <3C432426.8BEF8D44@xxxxxxxxxxxxxxxxxxxxxx>
"EXTERN Schumacher Markus (Intern; AB/EBE)" wrote:

> Hi
>
> I found a possible lkm - trojan on my system !
> How can I get rid of this ?
>
> I detected it with chkrootkit. The infected file was ifconfig. I already
> replaced it and the file is no longer indicated as "INFECTED"
> But at the end of chkrootkit the lkm - warning still appears!

Perhaps this can help?!?
http://members.prestige.net/tmiller12/papers/lkm.htm
http://www.pimmel.com/articles/lkm-hacking.html

Christoph
--
.-. Ruhr-Universitaet Bochum
/v\ L I N U X Lehrstuhl fuer Biophysik
// \\ >Penguin Computing< c/o Christoph Wegener
/( )\ Gebaeude ND 04/Nord
^^-^^ D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754 Fax: +49 (234) 32-14626
mailto:cwe@xxxxxxxxxxxxxxxxxxxxxx http://www.bph.ruhr-uni-bochum.de



< Previous Next >