Red Hat Updates and SuckIT Rootkit Hits
2005-10-06 - By Tim Edwards
Shaw, Marco wrote:
>>All:
>>
>>Two days ago I ran the latest updates from Red Hat on an ES Rel. 3
>>server. After the updates were applied I got a hit on the SuckIT root
>>kit. We investigated that server and it did not appear to be
>>compromised. The next day we applied the updates to three more RH
>>servers and those three also reported SuckIT infections. We then ran
>>Rootkit Hunter on them and they all came back not infected
>>with SuckIT.
>>Has anyone else seen any hits on SuckIT after the current updates were
>>applied? It appears there may be a bug in the SuckIT check after these
>>Red Hat updates are applied. Thanks, Randy.
Glad I'm not the only one. After the RHEL3 U6 update chkrootkit started reporting that the file /sbin/init was infected with the SuckIT rootkit on some of our boxes. I did various things to try to determine if this was true; I even went as far as booting one of the 'infected' machines off the rescue CD and checking the MD5 sum of /sbin/init. I couldn't see any sign of infection or suspicious stuff.
Anyone else have this happen?

--
Tim Edwards

--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list