
Re: [suse-security] Intrusion spyware malware key stroke detection



Right.

I guess my thought was that you may need root to kill the process(es). Not 
necessarily though.
For reporting purposes, I agree, log in as a non-super user.

Tim

Randall R Schulz <rschulz@xxxxxxxxx> wrote on 02/22/2006 10:44:23 AM:

> Tim, Martin,
> 
> On Wednesday 22 February 2006 07:07, trainier@xxxxxxxxxx wrote:
> > I wrote an agent that watches current google search queries in
> > realtime (not quite realtime, but quite close)
> > This is not hard to do, either.  I suspect this is what's going on.
> >
> > Log into your machine as root and do a ps aux and show us the output.
> 
> Why as root? There is no output from "ps" that's available to root only.
> At the same time, if there actually were some spyware or other exploit 
> with a foothold on the OP's system (very unlikely, I agree), then 
> exposure could conceivably be increased by logging in as root.
> 
> 
> >  I highly doubt there is a piece of malware
> > running, but it's worth checking for.
> >
> > Tim
> >
> > ...
> > > >  Everyday I am seeing spam email which is a reflection of complex
> > > > sensitive key word phrases I had typed into google just  a few
> > > > days previously.
> 
> If these "complex" "key word phrases" (a contradiction in terms, by the 
> way) are truly "sensitive," then you should not be sending them to 
> Google. While Google may (for now) protect search terms from being 
> associated with the individuals that submit them, they do not in any 
> way guarantee that all they'll do with them is use them to conduct the 
> search you request.
> 
> 
> Randall Schulz
> 
> -- 
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
> 

