While he was hardly broadcasting his presence, someone might
discover his arrival simply by looking at who was logged in on the
list of accounts in the password file. He had given his backdoor root
account a bland name, but he could reasonably assume that these three
users knew their system pretty well. And with only three users, it was
probably the kind of system that had lots of babysitting. After all
that effort, Anthrax needed a watchful nanny like a hole in the head.
He worked at moving into the shadows.
He removed himself from the WTMP and UTMP files, which listed who had
been on-line and who was still logged in. Anthrax wasn't invisible,
but an admin would have to look closely at the system's network
connections and list of processes to find him. Next stop: the login
program.
Anthrax couldn't use his newly created front-door account for an
extended period--the risk of discovery was too great. If he accessed
the computer repeatedly in this manner, a prying admin might
eventually find him and delete his account. An extra account on a
system with only three users was a dead give-away. And losing access
to System X just as things were getting interesting was not on his
agenda.
Pages:
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629