Swansea University gets rootkitted

Swansea University’s front page appears to have been rootkitted at some point over the last 48 hours [via davea]:

Swansea Uni Rootkit Thumbnail

w00t. I wonder if this has anything to do with recent hacks on the uni servers, or if it’s an unrelated incident…

(Ten hours later, Sunday evening, and the server is still 0wnz3d. I guess the concept of 24-hour cover doesn’t extend into academia. Hopefully the kiddies aren’t using the box for anything nasty, like spamming…)

2 Responses to “Swansea University gets rootkitted”

  1. November 22nd, 2005 | 3:43 am

    Terminology terminology … ;)

    I think you mean “rooted” not “rootkitted”. A rootkit is run by a hacker once they have rooted a box, usually to scrub logfiles, install cloaking trojans of important admin tools (ps, top, netstat etc) and remove any evidence of the hack. Hardly the objective if they’re planning to deface the frontpage!

    The box was rooted (probably remote root) then defaced, not rootkitted.


  2. November 23rd, 2005 | 1:54 pm

    Good point, and thanks for your pickiness. :-) Of course, what I really meant to say was p0wn3d, anyway.