Low level format
Dennis Kibbe
Sun, 27 Apr 2003 17:33:32 -0700
Quoting Kyle Faber <kyle@emr.net>:
> I have a client who has a nasty hacker problem. I have reason to believe
> that there is some sort of "sleeper" application inside some kind of hidden
> partition. I came to this conclusion after seeing evidence of the hack
> return on a repartitioned, formatted, disconnected machine. The hacked users
> returned and the machine began attempting to phone home. There is no evidence
> of any hidden partitions using Linux fdisk.
> Any suggestions? I have heard some form of the dd command can be used to
> overwrite ALL information on this disk. Anyone have any tips for that? Or
> any tips in general, I am tearing my hair out on this one.
> Thanks a bunch!
> --
> Kyle Faber
> Account Manager
> EMR Internet
> kyle@emr.net
> 623-581-0842 voice
> 623-582-9499 fax
I understand that some demo software hides a key in the free space at the end of
the MBR so even if you reformat the drive you can't reinstall the demo version
after the expiry date.
Dennis Kibbe
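Added example, not part of the original message: assuming "free space at the end of the MBR" means the unused sectors between sector 0 and the first partition, this Python code reports which of those sectors hold data and shows that a simulated reformat leaves them untouched. The disk image, the marker bytes and all function names are constructed for illustration.

```python
import struct

SECTOR = 512

def partition_starts(mbr: bytes) -> list:
    """Starting LBA of every in-use entry in the MBR partition table."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 has no 0x55AA boot signature")
    starts = []
    for off in range(446, 510, 16):            # four 16-byte entries
        ptype = mbr[off + 4]
        lba_start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0 and count != 0:
            starts.append(lba_start)
    return starts

def nonzero_gap_sectors(image: bytes) -> list:
    """LBAs after sector 0 and before the first partition holding any non-zero byte."""
    starts = partition_starts(image[:SECTOR])
    if not starts:
        raise ValueError("no partitions defined")
    return [lba for lba in range(1, min(starts))
            if any(image[lba * SECTOR:(lba + 1) * SECTOR])]

def build_sample_image() -> bytes:
    """Constructed sample: one partition at LBA 63, marker bytes planted in LBA 5."""
    img = bytearray(SECTOR * 70)
    img[446 + 4] = 0x83                           # partition type (Linux)
    struct.pack_into("<II", img, 446 + 8, 63, 7)  # start LBA 63, 7 sectors
    img[510:512] = b"\x55\xaa"
    img[5 * SECTOR + 100:5 * SECTOR + 104] = b"KEY!"  # constructed marker
    img[63 * SECTOR:63 * SECTOR + 4] = b"FSYS"        # stand-in file system data
    return bytes(img)

def reformat_first_partition(image: bytes) -> bytes:
    """Simulate a reformat: only sectors inside the partition are rewritten."""
    start = min(partition_starts(image[:SECTOR]))
    return image[:start * SECTOR] + bytes(len(image) - start * SECTOR)

def wipe_gap(image: bytes) -> bytes:
    """Zero everything between sector 0 and the first partition."""
    start = min(partition_starts(image[:SECTOR]))
    return image[:SECTOR] + bytes((start - 1) * SECTOR) + image[start * SECTOR:]

if __name__ == "__main__":
    img = build_sample_image()
    print("before reformat:", nonzero_gap_sectors(img))
    print("after reformat: ", nonzero_gap_sectors(reformat_first_partition(img)))
    print("after gap wipe: ", nonzero_gap_sectors(wipe_gap(img)))
```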