[SGVLUG] Discovering a rootkit [was: Re: linux-friendly netbooks]

Charles Wyble charles at thewybles.com
Thu Sep 3 13:04:33 PDT 2009



John E. Kreznar wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> In a message purporting to be from Sean <sean at seanodonnell.com> but
> lacking a digital signature, it is written:
> 
>> I have the EPC1000HD, which came stocked with Windows XP. 
> 
>> I soon replaced the Windows XP OS after discovering 1 week later that it had
>> included a Sino rootkit/keylogger, which either came out of the box (thanks
>> Asus), or was somehow embedded in a version of Cygwin that I had downloaded
>> from anl.gov mirrors.
> 
> Fascinating!  How did you discover it?  What did it look like?  Did
> you save anything that you could show?
> 

What he said.

QED please :)

