New In-Memory Rootkit Discovered By German Hoster
New submitter einar2 writes "German hoster Hetzner informed customers that login data for their admin surface might have been compromised (Google translation of German original). At the end of last week, a backdoor in a monitoring server was found. Closer examination led to the discovery of a rootkit residing in memory. The rootkit does not touch files on storage but patches running processes in memory. Malicious code is directly injected into running processes. According to Hetzner the attack is surprisingly sophisticated."
Re:Kinda cool that they found it (Score:5, Funny)
Even if you notice strange traffic, how do you actually find something that is only in memory?
Through the power of Jesus Christ, our Lord and Savior.
Re:Kinda cool that they found it (Score:5, Funny)
On a VMware server I would create a snapshot and then analyze the contents of the memory.
I don't always examine a couple gigs of raw memory with no context on a summer Friday but when I do I prefer Xen.
Re:Kinda cool that they found it (Score:1, Funny)
Re:Kinda cool that they found it (Score:4, Funny)
I think you mean XXen.
Re:Do they tell us? (Score:4, Funny)
My real fear is that it's not because of willful lack of reporting of the breeches, but that the breeches are going on completely undetected that we aren't hearing more about them.
Bah, I can usually detect breeches by means of a quick visual scan, so I don't think that they can go undetected. I suspect that breeches are seldom reported these days because of the declining horse population.