Linux Anti-Spyware was: [lug] MS Anti-Spyware Tool Warning (Joke)

Zan Lynx zlynx at acm.org
Wed Jan 19 16:45:28 MST 2005


On Linux, spyware like ad poppers and home page redirectors isn't a big
deal since there isn't a lot of money in it.

The worst kind of spyware-ish problem on Linux is root kits.  These
allow someone to exploit your box once and then get in whenever they
want to later.  They hide and do their best to be hard to find.

I've never found any on my machines but I did discover one on a friend's
RedHat 6 box a few years ago.  I found it by watching traffic with
tcpdump and trying to figure out where it was coming from.  It was
surprising to find that it was coming from the machine itself and
netstat didn't know about it.

We rebooted from CD and found the root-kit hiding in /root/.something.
It had patched the kernel to not show that directory or its processes.
It apparently hadn't tried to hide its network packets.  Maybe newer
ones even do that.

This one would have never been found if its owner hadn't been using it
to flood an IRC server and making my friend's cable connection really
slow.

On Wed, 2005-01-19 at 16:19 -0700, Mike Stanczyk wrote:
> Ok, I'll ask the obvious question and bring it back on topic:
> 
> What are people using for antispyware on Linux?
> 
> I would have thought it wasn't a problem yet but that's
> a real great way to get into trouble.
> 
> Mike
-- 
Zan Lynx <zlynx at acm.org>
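
Added example (not part of the original message): the tcpdump-versus-netstat comparison described above, automated as a cross-view check that lists flows seen on the wire but missing from the host's own socket table. The capture lines, netstat lines, addresses and ports are constructed sample data, and the check assumes the capture comes from a vantage point the rootkit does not filter, such as another machine on the same segment.

```python
import re

# Constructed sample data (documentation addresses), not from the original post.
LOCAL_IP = "192.0.2.10"
TCPDUMP = """\
16:40:01.000001 IP 192.0.2.10.22 > 198.51.100.7.51514: Flags [P.], length 64
16:40:01.000105 IP 192.0.2.10.31337 > 203.0.113.5.6667: Flags [P.], length 512
16:40:01.000300 IP 198.51.100.7.51514 > 192.0.2.10.22: Flags [.], length 0
16:40:01.000410 IP 192.0.2.10.31337 > 203.0.113.5.6667: Flags [P.], length 512
""".splitlines()
NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
""".splitlines()

PKT = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def wire_flows(lines, local_ip):
    """Count packets per (local_port, remote_ip, remote_port) seen on the wire."""
    flows = {}
    for line in lines:
        m = PKT.search(line)
        if not m or local_ip not in (m[1], m[3]):
            continue  # unparsed line, or traffic between other hosts
        sip, sport, dip, dport = m[1], int(m[2]), m[3], int(m[4])
        key = (sport, dip, dport) if sip == local_ip else (dport, sip, sport)
        flows[key] = flows.get(key, 0) + 1
    return flows

def host_connections(lines):
    """Connected TCP sockets the host itself reports (netstat -tan style)."""
    conns = set()
    for line in lines:
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] == "LISTEN":
            continue
        lport = int(f[3].rsplit(":", 1)[1])
        rip, rport = f[4].rsplit(":", 1)
        conns.add((lport, rip, int(rport)))
    return conns

def unexplained(wire, conns):
    """Flows on the wire that the host's own tools do not admit to."""
    return sorted((k, n) for k, n in wire.items() if k not in conns)

if __name__ == "__main__":
    for flow, pkts in unexplained(wire_flows(TCPDUMP, LOCAL_IP), host_connections(NETSTAT)):
        print("not in netstat:", flow, "packets:", pkts)
```

A capture and a netstat snapshot are never taken at exactly the same instant, so a short-lived connection can show up as a mismatch; a flow that keeps appearing across repeated runs is the one worth chasing.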