Posted: 10 Jun 2013, 18:51
This was posted today on the security wiki; can someone give more details on what exactly I need to do?
How can I detect an infection with malicious code?
The malicious program can be found for example as follows:
- create a memory dump of the SSHD
- run the strings command on the dump
- look for specific sequences of characters
If the system has been infected by the rootkit, the following strings can be found in the dump:
key=xxx
dhost=xxx
hbt=3600
sp=xxx
sk=xxx
dip=xxx
So, for example:
code:
aptitude install gdb
# attach to the oldest sshd process, i.e. the listening master
# (the ps|grep|cut pipeline breaks on the padded PID column of `ps ax`)
gdb --pid=$(pgrep -o -x sshd)
> gcore
> quit
# gcore writes core.<pid> in the current directory
strings core.XXXXX | grep "key="
Tools such as http://secondlookforensics.com/ should also be able to detect the backdoor.
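The dump-and-grep procedure from the wiki note, scripted as an added example (not code from the wiki or the forum post): it dumps the sshd master with gdb's gcore, extracts the printable strings, and checks for all six indicators rather than only `key=`, counting how many distinct ones appear. It assumes gdb is installed and root privileges for the live dump; the sample dump at the bottom is constructed so the scanning part runs without a real sshd.

```shell
#!/bin/sh
# Added example (not from the wiki note or the forum post): dump the sshd
# master process with gdb's gcore and scan the dump for the six indicator
# strings. Uses strings(1) when present, otherwise a tr-based fallback.

# Indicator strings quoted in the wiki note; only hbt has a fixed value.
INDICATORS="key= dhost= hbt=3600 sp= sk= dip="

# Print the printable character runs of a file, like strings(1).
extract_strings() {
    if command -v strings >/dev/null 2>&1; then
        strings -n 4 "$1"
    else
        tr -c '[:print:]' '\n' < "$1"
    fi
}

# Dump the oldest sshd (the listening master) to core.<pid>; needs root.
dump_sshd() {
    pid=$(pgrep -o -x sshd) || { echo "sshd is not running" >&2; return 1; }
    gcore -o core "$pid" >/dev/null 2>&1 || return 1
    echo "core.$pid"
}

# Print every indicator-bearing string in the dump. The leading character
# class rejects look-alikes such as "resp=" being taken for "sp=".
scan_dump() {
    pat=$(echo $INDICATORS | tr ' ' '|')
    extract_strings "$1" | grep -E "(^|[^[:alnum:]_])($pat)" | sort -u
}

# Count distinct indicators; several together outweigh "key=" alone.
count_indicators() {
    n=0
    for ind in $INDICATORS; do
        if extract_strings "$1" | grep -qE "(^|[^[:alnum:]_])$ind"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample standing in for a real core.<pid>: printable runs
# separated by NUL bytes, with three indicators and one look-alike (resp=).
SAMPLE_DUMP=$(mktemp)
printf 'OpenSSH_6.0p1\000key=0123abcd\000hbt=3600\000resp=ignored\000dip=198.51.100.7\000' > "$SAMPLE_DUMP"
scan_dump "$SAMPLE_DUMP"
echo "indicators present: $(count_indicators "$SAMPLE_DUMP")"

# On a live host, as root: scan_dump "$(dump_sshd)"
```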