Quoting Kyle Faber <kyle@emr.net>:
>
> I have a client who has a nasty hacker problem. I have reason to believe
> that there is some sort of "sleeper" application inside some kind of hidden
> partition. I came to this conclusion after seeing evidence of the hack
> return on a repartitioned, formatted, disconnected machine. The hacked users
>
> returned, the machine begins to attempt to phone home. There is no evidence
>
> of any hidden partitions using linux fdisk.
>
> Any suggestions? I have heard some form of the dd command can be used to
> overwrite ALL information on this disk. Anyone have any tips for that? Or
> any tips in general, I am tearing my hair out on this one.
>
> Thanks a bunch!
> --
> Kyle Faber
> Account Manager
> EMR Internet
> kyle@emr.net
> 623-581-0842 voice
> 623-582-9499 fax

I understand that some demo software hides a key in the free space at the end
of the MBR so even if you reformat the drive you can't reinstall the demo
version after the expiry date.

Dennis Kibbe
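
A way to check a disk image for data parked outside any partition, as the reply above suggests can happen (an added example, not part of the original messages). It assumes 512-byte sectors and reads "free space at the end of the MBR" as the sectors between sector 0 and the first partition; the function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512  # assumed logical sector size

def parse_mbr(sector0: bytes):
    """Return [(type, first_lba, sector_count)] for non-empty primary entries."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature in sector 0")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i : 462 + 16 * i]
        ptype = entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count != 0:
            parts.append((ptype, first_lba, count))
    return parts

def nonzero_gap_sectors(image: bytes):
    """LBAs between the MBR and the first partition that hold any non-zero byte."""
    parts = parse_mbr(image[:SECTOR])
    if not parts:
        raise ValueError("no partitions defined")
    first_start = min(lba for _, lba, _ in parts)
    hits = []
    for lba in range(1, first_start):
        chunk = image[lba * SECTOR : (lba + 1) * SECTOR]
        if chunk.strip(b"\x00"):  # anything left after removing zero bytes
            hits.append(lba)
    return hits

def build_sample_image(hidden_lba=None):
    """Constructed test image: one Linux (0x83) partition starting at LBA 63."""
    img = bytearray(SECTOR * 64)
    # Partition entry 0: boot flag, CHS start, type, CHS end, first LBA, count
    struct.pack_into("<B3sB3sII", img, 446, 0x80, b"\x00" * 3, 0x83, b"\x00" * 3, 63, 1)
    img[510:512] = b"\x55\xaa"
    if hidden_lba is not None:
        # Constructed marker standing in for a hidden key
        img[hidden_lba * SECTOR : hidden_lba * SECTOR + 8] = b"DEMO-KEY"
    return bytes(img)

if __name__ == "__main__":
    for label, img in (("clean", build_sample_image()), ("tagged", build_sample_image(62))):
        print(label, nonzero_gap_sectors(img))
```

Non-zero sectors in this gap are not proof of tampering: GRUB on BIOS/MBR disks legitimately embeds its core image there, so compare any hits against what the installed boot loader is expected to write.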