Bug#698046: Please upgrade to latest revision
Johan Walles
johan.walles at gmail.com
Sun Jan 13 13:02:40 UTC 2013
Package: unhide.rb
Version: 13-1.1
Severity: Wishlist

Please upgrade unhide.rb to the latest revision:
http://bazaar.launchpad.net/~walles/unhide.rb/trunk/changes/

The latest revision has been tested on a system infected by the Jynx
rootkit and adds the following features:
* Name the binaries hidden by the rootkit. Previously only the PIDs were
  identified.
* Name the Jynx process / file hiding library on an infected system.

It also adds a few checks and is now a superset of running the original
unhide as "unhide-linux procall sys".

Performance-wise it's about 14x faster than the latest version of unhide
(7s vs 100s on my system).

The changes fix all issues mentioned in this post:
http://sourceforge.net/mailarchive/message.php?msg_id=28258660

Regards //Johan