Security Incidents mailing list archives
Re: Machine compromised, rootkit and DDoS tools installed.
From: Chris Keladis <Chris.Keladis () CMC CWO NET AU>
Date: Mon, 25 Sep 2000 01:24:52 -0400
At 04:56 PM 9/21/00 -0500, Jeremy L. Gaddis wrote:

> Oh, one last bit, a file named "shitc.tgz" was found on the filesystem. I also noticed a message in sendmail's logs from root to "shitc () altavista com."

Interesting. I had the displeasure of dealing with the "shitc" (??) rootkit. I'm still poking around the various bins, and I don't have a Linux box handy to test it all on, but at first glance I did not see any TFN daemons in my copy.

I noticed a lot of "script-kids" are getting hotmail & yahoo accounts for "reconnaissance". I wonder what their AUP says about that?

Regards,
Chris