From owner-freebsd-security  Wed Nov 14  9: 8:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 67C1D37B405
	for <freebsd-security@FreeBSD.org>; Wed, 14 Nov 2001 09:08:11 -0800 (PST)
Received: from localhost (arr@localhost)
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id fAEH7vm69165;
	Wed, 14 Nov 2001 12:07:57 -0500 (EST)
	(envelope-from arr@FreeBSD.org)
X-Authentication-Warning: fledge.watson.org: arr owned process doing -bs
Date: Wed, 14 Nov 2001 12:07:55 -0500 (EST)
From: "Andrew R. Reiter" <arr@FreeBSD.org>
X-Sender: arr@fledge.watson.org
To: Stefan Probst <stefan.probst@opticom.v-nam.net>
Cc: freebsd-security@FreeBSD.org, Rob Hurle <rob@coombs.anu.edu.au>
Subject: Re: AdoreWorm
In-Reply-To: <5.1.0.14.2.20011114183520.01e71d20@MailServer>
Message-ID: <Pine.NEB.3.96L.1011114120640.68964A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

:   What more happened / needs to be re-installed/deleted/killed...?

Look, while it may have not been done well, the person basically
backdoored your kernel.  For basically everything you do to interact with
your machine, you kinda "trust" your kernel for valid information.  With
that kernel backdoored, you pretty much can't trust anything it says.  

_reinstall_

Andrew

--
Andrew R. Reiter
arr@watson.org
arr@FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message