[Full-Disclosure] a little help needed with identifying a rootkit
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] a little help needed with identifying a rootkit
- From: Feher Tamas <etomcat@freemail.hu>
- Date: Tue, 3 Feb 2004 18:39:04 +0100 (CET)
>The SuSE security list is having a little discussion about a
>possibly hacked SuSE 8.2 machine. There is a rather big
>chance the system has been injected with a script which
>downloaded stuff from here:
>http://218.234.171.84/manual/.x/
This is what Kaspersky AV with the latest update says:
DO.PL infected: Backdoor.Perl.Doopel
I.TXT infected: Backdoor.PHP.Pokeman
II.TXT infected: Backdoor.PHP.Pokeman
R.PL infected: Backdoor.Perl.Perlooper
RHS infected: Backdoor.Linux.Krepper
CROND infected: Trojan.Linux.Rootkit.o
LOGIN infected: Trojan.Linux.Rootkit.o
PSTREE infected: Trojan.Linux.Rootkit.o
Regards: Tamas Feher.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html