MA-026.062001: Rootkit Attack

MyCert says, MyCERT received reports lately of intruders activity of root compromise involving Linux and SUNOS machines. Upon analysis of victim’s machines, MyCERT discovered that the machines have been attacked and installed with rootkit, versions ‘t0rnkit’, or ‘tornkit’, lrk, adore and rootkitsunos which cause root compromise of the machines. Rootkits are not something new and have been used by intruders for several years.Rootkit’s lineage can be traced back to as early as 1994 and since then it has been anonymously referred to in various CERT and CIAC advisories. Rootkit is a collection of programs which allows an intruder by hiding his/her presence to install and run an Ethernet sniffer on a SUNOS or Solbourne host using /dev/nit or Linux host using the eth0 interface. Using the sniffer program, an intruder can obtain the userids and passwords, including root to your most sensitive networked system. Read more.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s