[cobalt-security] L337 H4x0rZ TUL2!!!...

at Security Focus
fforum=2%26head=4871%26id=4871 .

This is basically an analysis of KNARK, a rather devious rootkit that is
currently proliferating on the web.  Many of us (including me)
have probably come into contact with this (to our dismay) and not known who
or what to thank for our lack of sleep.  Here it is.

About as safe a way to see this stuff at work as can be seen (since someone
else takes all the risks - in a VERY controlled environment).  Well worth
the reading for insight as to what happened or what is about to come your

The BAD news:  it is eminently untraceable and, without a lot of security and
computer forensics experience, IMPOSSIBLE to track the perp.  Don't try,
especially if you still have the box on the web.  Just take it down and wipe
it and restore it.  Give up.

The worse news:  it takes advantage of some rather clever exploits that
involve features in the Linux kernel that are difficult (if not impossible)
to do without completely.  It is easy to use, powerful and NASTY.  Worse, it
is customizable and 'skinnable,' to make it easier for them and more
difficult for you.

Bottom line:  Get REAL smart on security issues on all your platforms REAL
Otherwise, find yourself a good security consultancy or partner(s).  Don't
guess.  Don't delay.  Don't assume because you're not on Linux or Windows,
you're safe.  Things seem to be getting worse.