2014-02-17 15:49 GMT+01:00 Giancarlo Razzolini <[email protected]>:
>> Solution: static linking of critical binaries.
>>
>> I hope that my explanation was helpful.
>>
>> best regards,
>> Daniel
>>
> Static linking does solve the issue with this particular rootkit, but
> won't help with kmod rootkits. The truth is that there is no bullet
> proof in any case, if your machine was compromised, you should assume
> that it has some form of rootkit and should proceed with the full
> re-installation of the OS. And you should scan very thoroughly your
> backups to assure that they won't reinstall the rootkit. I'm not even
> mentioning other forms of rootkits that are OS agnostic, such as BIOS,
> MBR, etc. There are even HDD controller's backdoors these days:
> http://spritesmods.com/?art=hddhack.

Briefly: that's right, but we're talking (only) about the vulnerabilities associated with LD_PRELOAD.

Daniel

> Cheers,
>
> --
> Giancarlo Razzolini
> GPG: 4096R/77B981BC
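An added example, not part of the thread: a small audit helper for the static-linking point discussed above. It checks whether an ELF binary requests a dynamic loader (only then is LD_PRELOAD processed) and pulls LD_PRELOAD values out of a process environment block. The function names and the constructed sample image are assumptions made for this illustration.

```python
import struct
import sys

PT_INTERP = 3  # program header type that names the dynamic loader (ld.so)

def uses_dynamic_loader(elf: bytes) -> bool:
    """True if the ELF image asks for a dynamic loader.

    LD_PRELOAD is honoured by that loader, so an image without PT_INTERP
    (a statically linked binary) never loads a preloaded library.
    """
    if len(elf) < 52 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    # (EI_CLASS, EI_DATA) -> byte order, e_phoff offset/type, e_phentsize offset
    fmt = {(1, 1): ("<", 28, "I", 42), (1, 2): (">", 28, "I", 42),
           (2, 1): ("<", 32, "Q", 54), (2, 2): (">", 32, "Q", 54)}.get((elf[4], elf[5]))
    if fmt is None:
        raise ValueError("unknown ELF class or byte order")
    end, phoff_at, phoff_t, phent_at = fmt
    (e_phoff,) = struct.unpack_from(end + phoff_t, elf, phoff_at)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, phent_at)
    for i in range(e_phnum):
        # p_type is the first 4 bytes of a program header in both ELF classes
        (p_type,) = struct.unpack_from(end + "I", elf, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return True
    return False

def preload_values(environ: bytes) -> list:
    """LD_PRELOAD values in a NUL-separated block such as /proc/<pid>/environ."""
    return [e[len(b"LD_PRELOAD="):].decode(errors="replace")
            for e in environ.split(b"\0") if e.startswith(b"LD_PRELOAD=")]

def sample_elf64(p_types) -> bytes:
    """Constructed test image: ELF64 little-endian header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    for path in sys.argv[1:]:  # pass the binaries to audit as arguments
        with open(path, "rb") as fh:
            dynamic = uses_dynamic_loader(fh.read())
        print(path, "dynamic: LD_PRELOAD applies" if dynamic else "static: LD_PRELOAD ignored")
```

As the reply in the thread points out, a binary reported as static here is only protected against LD_PRELOAD hooking, not against kernel-module rootkits.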

