Root Kit Found
Impact
Allows a malicious user to move about a system undetected. The root kit replaces certain UNIX-based commands such as ls, pwd, tar, ps, ifconfig and netstat with trojaned versions that hide the intruder's files, processes and network connections. If the user was also able to modify the logs to hide the existence of the break-in before installing the root kit, a system administrator might never find out that the user is on the system.
Background
Resolution
If the system has been compromised, the operating system must be reinstalled. If a backup of the system can be confirmed not to contain the root kit, then that backup can be used instead. The difficulty is that a number of different root kits exist, and each replaces a different set of commands, so a system administrator cannot tell exactly which system files have been replaced without checking each of the commands (ls, du, df, pwd, ifconfig, etc.) individually.
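The per-command comparison described above can be made systematic with a file-integrity baseline; the script below is an added example and not part of this finding or of any scanner product. It records SHA-256 digests of the named commands and later reports any that changed or disappeared; the watched command list, directory and baseline file name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: integrity baseline for the commands a root kit typically
# replaces. Record from known-good media, keep the baseline off-box, compare later.

# Commands the finding names as typical root kit replacements (assumed list).
WATCHED="ls pwd tar ps ifconfig netstat du df"

# digest FILE -> prints the SHA-256 hex digest, or nothing if FILE is unreadable.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" 2>/dev/null | cut -d' ' -f1
    else
        shasum -a 256 "$1" 2>/dev/null | cut -d' ' -f1
    fi
}

# record_baseline BINDIR OUTFILE -> writes "digest  path" for every watched
# command present in BINDIR (same line format as sha256sum output).
record_baseline() {
    : > "$2"
    for c in $WATCHED; do
        if [ -f "$1/$c" ]; then
            printf '%s  %s\n' "$(digest "$1/$c")" "$1/$c" >> "$2"
        fi
    done
    return 0
}

# check_baseline BASELINE -> prints each path whose digest changed or that is
# now missing; returns the number of such paths (0 means nothing changed).
check_baseline() {
    bad=0
    while read -r sum path; do
        now=$(digest "$path")
        if [ "$now" != "$sum" ]; then
            echo "MODIFIED OR MISSING: $path"
            bad=$((bad + 1))
        fi
    done < "$1"
    return "$bad"
}
# Demo on constructed files (not real binaries): run this script with --demo.
if [ "${1-}" = "--demo" ]; then
    d=$(mktemp -d)
    for c in ls ps; do echo "constructed $c" > "$d/$c"; done
    record_baseline "$d" "$d/baseline.sha256"
    echo "constructed trojaned ps" > "$d/ps"
    check_baseline "$d/baseline.sha256"; echo "mismatches: $?"
    rm -rf "$d"
fi
```

The check is only as trustworthy as the shell, hashing tool and kernel it runs under, so run it from a trusted boot environment against the suspect disk rather than on the running, possibly compromised system. A clean result only covers the listed commands; a root kit may replace files outside that list.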
Where can I read more about this?