“I found on one of our machines (Linux) in the /tmp directory a
folder called ‘kokainkit’ with the following files/directories
(someone obviously forgot to delete them…)”
“All I could find on the Web tells me this is a Trojan (knark
installs a hidden module), but what should I do now? I disconnected
the machine from the network. Is there a way to unhide the hidden
files? How did the attacker get in? (The machine was behind a
screening firewall.) Are there security professionals who would be
interested in the code to analyze?…”
“I’m looking for a tool that would allow me to read firewall
logs for investigation purposes (i.e., user John was connected to
www.ishouldn’tbehere.com, time and date and so on). I tried
WebTrends’ log analyzer and firewall, but they do not provide the
reporting that I’m looking for. Do you have any other
suggestions?…”
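The third question asks for a report of the form "user X connected to host Y at time Z". A firewall logs source and destination addresses, not usernames, so any such report has to join the firewall log with a second source (DHCP leases or an authenticating proxy) that says who held each internal address at the time. The script below is an added illustration, not a tool from the column or from any product it mentions: the syslog-style log format, the lease table, the destination names and the sample lines are all constructed for the example, and a real firewall's format will need its own regular expression.

```python
"""Added example (not from the original column): join firewall log lines with a
user-to-address table to answer "who connected where, and when?".

Everything below is constructed for illustration:
  - LOG_RE assumes a syslog-style line with SRC=/DST=/PROTO=/DPT= fields;
    real firewalls differ, so adjust the pattern to the product in use.
  - IP_TO_USER stands in for DHCP lease or proxy-auth records; the firewall
    itself never knows a username.
  - IP_TO_HOST stands in for reverse lookups made at investigation time.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in the assumed format (one per connection attempt).
SAMPLE_LOG = """\
2000-03-01 09:12:44 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=203.0.113.7 PROTO=TCP DPT=80
2000-03-01 09:13:02 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.22 DST=198.51.100.5 PROTO=TCP DPT=443
2000-03-01 09:15:10 fw1 kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=203.0.113.7 PROTO=TCP DPT=23
2000-03-01 17:40:59 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=203.0.113.7 PROTO=TCP DPT=443
"""

# Constructed: which internal address belonged to which user during the period.
IP_TO_USER = {"10.0.0.21": "john", "10.0.0.22": "mary"}

# Constructed: names for the destination addresses (RFC 5737 documentation ranges).
IP_TO_HOST = {"203.0.113.7": "www.example.net", "198.51.100.5": "update.example.org"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ kernel: (?P<action>ACCEPT|DROP) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)


def parse_log(text):
    """Turn raw log text into a list of event dicts; unmatched lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # format drift or unrelated kernel messages
        d = m.groupdict()
        events.append({
            "time": datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S"),
            "action": d["action"],
            "src": d["src"],
            "dst": d["dst"],
            "proto": d["proto"],
            "port": int(d["dpt"]),
        })
    return events


def connections_by_user(events, ip_to_user, ip_to_host, only_accepted=True):
    """Map each user to (timestamp, destination host, port) tuples.

    DROP entries are excluded by default: a blocked attempt is not a connection,
    though an investigator may well want to see them too (only_accepted=False).
    """
    report = defaultdict(list)
    for e in events:
        if only_accepted and e["action"] != "ACCEPT":
            continue
        user = ip_to_user.get(e["src"], "unknown(%s)" % e["src"])
        host = ip_to_host.get(e["dst"], e["dst"])
        report[user].append((e["time"].isoformat(sep=" "), host, e["port"]))
    return dict(report)


def who_reached(events, host, ip_to_user, ip_to_host):
    """Answer 'which users connected to this host, and when?'"""
    report = connections_by_user(events, ip_to_user, ip_to_host)
    hits = {}
    for user, conns in report.items():
        matching = [c for c in conns if c[1] == host]
        if matching:
            hits[user] = matching
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for user, conns in sorted(connections_by_user(evs, IP_TO_USER, IP_TO_HOST).items()):
        for ts, host, port in conns:
            print("%s connected to %s:%d at %s" % (user, host, port, ts))
```

The join on source address is the weak point of any such report: it is only as good as the lease or authentication records for the same time window, and an address reused by another machine later in the day will be attributed to the wrong person unless the mapping is time-bounded.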