From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755069Ab1CNTIQ (ORCPT ); Mon, 14 Mar 2011 15:08:16 -0400 Received: from hrndva-omtalb.mail.rr.com ([71.74.56.125]:50860 "EHLO hrndva-omtalb.mail.rr.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754103Ab1CNTIO (ORCPT ); Mon, 14 Mar 2011 15:08:14 -0400 X-Authority-Analysis: v=1.1 cv=+c36koQ5Dcj/1qolKHjtkYAGXvrVJRRiKMp+84F5sLg= c=1 sm=0 a=kj9zAlcOel0A:10 a=OPBmh+XkhLl+Enan7BmTLg==:17 a=8ay18EP6JawgJkOppFkA:9 a=STU5Nh2EyKT_pFI7-50A:7 a=9z18sXdSaBXMR4sN7rNGKkOdXfgA:4 a=CjuIK1q_8ugA:10 a=OPBmh+XkhLl+Enan7BmTLg==:117 X-Cloudmark-Score: 0 X-Originating-IP: 67.242.120.143 Date: Mon, 14 Mar 2011 15:08:13 -0400 From: Steven Rostedt To: Justin Cc: linux-kernel@vger.kernel.org Subject: Re: milw0rm rootkit Message-ID: <20110314190813.GC20259@home.goodmis.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Mar 13, 2011 at 07:31:43PM -0700, Justin wrote: > My mothers computer was hacked with a program that seems to be Your mom runs Linux? Which distro? > milw0rm. The hacker left the source file in C on her computer. I have > it and the IP address of the FTP server that he seemed to download it > from. Who can I give the file to to be sure that it gets patched? And > is there anything else I should do to help you guys make sure that > this doesnt happen again? This is the Linux kernel mailing list, which I'm pretty sure was not the cause of the hack, and thus the wrong list. Please contact the people from the distribution that you are using. -- Steve > > I am not on the list, so please CC me any responses, thanks