From the point of view of the thief, this software is a trojan, and so the very first thing that (s)he has to do is disable it: if that only requires rm-ing some bash scripts, it's way too easy.
Prey: Open source theft recovery
Posted Jul 7, 2011 9:33 UTC (Thu) by akumria (subscriber, #7773)
Or, just as simple, ensure that the target domain never resolves to anything useful.
Posted Jul 7, 2011 10:26 UTC (Thu) by pcampe (guest, #28223)
1. rm -f usual_path_of_prey/usual_file_1
2. rm -f usual_path_of_prey/usual_file_2
It's also true that, before issuing 1. and 2., the system is up and running, and so there is a small window of opportunity for Prey to call the target domain and download instructions (if there is some network connectivity, and it's a big if), but it's not bullet-proof; so it seems to me that some kind of obfuscation of the executables is worthwhile; am I missing something?
Posted Jul 7, 2011 19:55 UTC (Thu) by n8willis (editor, #43041)
Posted Jul 8, 2011 7:55 UTC (Fri) by pcampe (guest, #28223)
Posted Jul 8, 2011 15:16 UTC (Fri) by n8willis (editor, #43041)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.