Quoting Kyle Faber <kyle@emr.net>:

> 
> 	I have a client who has a nasty hacker problem.  I have reason to believe 
> that there is some sort of "sleeper" application inside some kind of hidden 
> partition.  I came to this conclusion after seeing evidence of the hack 
> return on a repartitioned, formatted, disconnected machine.  The hacked users
> 
> returned, the machine begins to attempt to phone home.  There is no evidence
> 
> of any hidden partitions using linux fdisk.
> 
> Any suggestions?  I have heard some form of the dd command can be used to 
> overwrite ALL information on this disk.  Anyone have any tips for that?  Or 
> any tips in general, I am tearing my hair out on this one.
> 
> Thanks a bunch!
> -- 
> Kyle Faber
> Account Manager
> EMR Internet
> kyle@emr.net
> 623-581-0842 voice
> 623-582-9499 fax

I understand that some demo software hides a key in the free space at the end of
the MBR so even if you reformat the drive you can't reinstall the demo version
after the expiry date.

Dennis Kibbe


-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/