[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] searching for Showtee docu

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] searching for Showtee docu
From: Joachim Schipper <j.schipper@xxxxxxxxxx>
Date: Sun, 20 Nov 2005 12:20:15 +0100

On Sun, Nov 20, 2005 at 03:19:49AM +0100, Herr Zobel wrote:
> Hello,
> 
> im searching for more information about Showtee rootkit.
> 
> I have a system commpromised by some LKM and Showtee rootkit according to
> chkrootkit.
> 
> I got rid of libproc.a modifications but dont know where to begin
> searching for Showtee information.
> 
> Can someone direct me to any links regarding Showtee?
> 
> Thanks in advance
> Michel Zobel

There are two reasons for asking this. The first is that you have saved
the offending system's drives, and want to find out exactly what
happened after you rebuilt the system in a more secure way. In that
case, I am afraid I won't be much help, as I don't know that much about
rootkits.

The second case is that you seem to believe you can clean the box. That
is not the case. Wipe and rebuild, (more) securely this time.

                Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] searching for Showtee docu
  - From: Herr Zobel

Prev by Date: Re: [Full-disclosure] Framework for the aid of exploiting SQL injection
Next by Date: Re: [Full-disclosure] unknown windows rootkit
Previous by thread: [Full-disclosure] searching for Showtee docu
Next by thread: [Full-disclosure] Metro Olografix Crypto Meeting 2006 CFP
Index(es):
- Date
- Thread