[SGVLUG] Discovering a rootkit [was: Re: linux-friendly netbooks]
Charles Wyble
charles at thewybles.com
Thu Sep 3 13:04:33 PDT 2009
John E. Kreznar wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In a message purporting to be from Sean <sean at seanodonnell.com> but
> lacking a digital signature, it is written:
>
>> I have the EPC1000HD, which came stocked with Windows XP.
>
>> I soon replaced the Windows XP OS after discovering 1 week later that it had
>> included a Sino rootkit/keylogger, which either came out of the box (thanks
>> Asus), or was somehow embedded in a version of Cygwin that I had downloaded
>> from anl.gov mirrors.
>
> Fascinating! How did you discover it? What did it look like? Did
> you save anything that you could show?
>
What he said.
QED please :)