Information
Removal - 1
Removal - 2
Removal - 3
Pictures
Feedback
Useful Links

Pharmacy Alert Security Team
Feedback
Older Entries
Subscribe: Add to Google Add to My Yahoo! Subscribe in NewsGator Online Add to My AOL

Sat, 06 Oct 2007
Comments please
When a machine is hijacked as a
  1. proxy web server
  2. proxy image server
  3. proxy name server
there is a degree of damage performed by the hijacker.

This damage has become more severe over time. Functions removed may include
  • chattr
  • lsattr
  • wget
  • passwd
  • shutdown
  • shadowconfig
  • netstat
  • lsof
  • reboot


This information varies with time. If you are recovering a hijacked machine, please provide your experiences here for others to share. Please comment on whether the information contained here was sufficient for your purposes, and suggest any additions.
Posted 16:48 
 No comments | Post a comment


Sun, 03 Sep 2006
Respond with your experiences and questions
If you received a Pharmacy Alert, you can respond here with any questions and to share your experiences in removing the trojan

Thank you from the Pharmacy Alert Security Team
Posted 21:58 
 3 comments | Post a comment