[clug] chkrootkit: LKM Trojan?
pearl.louis at anu.edu.au
Thu Apr 1 01:20:33 GMT 2004
I think you're just enjoying my pain and suffering :)
But it turns out to be a false alert by chkrootkit. From reading their
mailing list archives it seems it has problems with how 2.6 kernels handle
their processes. Applying the patch they released in January and recompiling
seems to have made the LKM Trojan kernel warning disappear.
On Thu, 1 Apr 2004 10:33 am, Peter Barker wrote:
> On Thu, 1 Apr 2004, Jepri wrote:
> > Or you could just slap your knoppix cd into your CDROM drive, mount your
> > hard drive and check it, secure in the knowledge that none of your
> > anti-trojan tools have been tampered with.
> Ah, but have they flashed your bios with something which looks /just like/
> your old bios+lilo, but plays with your kernel before it gets booted?
> Not that I'm paranoid or anything... after all, I haven't mentioned the
> CPU microcode....
More information about the linux