April 2005 Archives

Rootkitted: A Simple Forensics Walk Through

I was rootkitted. It's the first time it's happened to me at home. It was my own fault for using password auth for shell access and having a weak oracle user password. I first noticed a problem when my Winamp wouldn't post "now playing" songs to my website. Then I went to examine my website, and it had been completely deleted by the rootkit!!