Message-ID: <3FE75045.1090005@umn.edu>
From: eckman at umn.edu (Brian Eckman)
Subject: Removing ShKit Root Kit
Schmehl, Paul L wrote:
<snip>
> This advice is common, and it's always mystified me. Why would you want
> backups of the "data"? If the box is compromised, you can't trust
> *anything* on it, can you? How can you know for certain that "data"
> isn't a cleverly concealed backdoor?
Hmmm. Well, if the execute bit isn't set, then I'd assume it can be
considered relatively safe. If the attacker can later find a way to
chmod it and then execute it with the privileges needed to make it
harmful, then I imagine that they could find other ways of compromising
your machine as well.
For Windows, if it's a backdoor that is named something.txt, well,
again, the attacker would have to find a way to rename that file and
execute it with appropriate permissions. Again, I imagine that if they
can do that, that they could find other ways of compromising your
machine as well.
<snip>
Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
"There are 10 types of people in this world. Those who
understand binary and those who don't."
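
An added example, not part of the original message: a Python sketch of the check this exchange points at when restoring "data" from a compromised host. It lists files that carry an execute (or setuid/setgid) bit, and files whose leading bytes mark an executable format even though the name looks like data. The function names and the sample tree are constructed for illustration.

```python
import os, stat, tempfile

# Leading bytes that mark common executable formats (well-known magic values).
MAGIC = {b"\x7fELF": "ELF binary", b"MZ": "DOS/PE binary", b"#!": "script with shebang"}

def audit_restored_tree(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are not inspected here
            rel = os.path.relpath(path, root)
            if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                findings.append((rel, "execute bit set"))
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((rel, "setuid/setgid bit set"))
            with open(path, "rb") as fh:
                head = fh.read(4)
            for magic, label in MAGIC.items():
                if head.startswith(magic):
                    findings.append((rel, label))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data standing in for a restored backup."""
    samples = {
        "notes.txt": (b"meeting at 10\n", 0o644),
        "report.txt": (b"MZ\x90\x00 constructed bytes", 0o644),  # PE header, data name
        "cleanup": (b"#!/bin/sh\necho constructed\n", 0o755),
    }
    for name, (data, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_restored_tree(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```
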