[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Re: Backdoor over http(s)??



Stefan Andreas Tichy wrote:

http://218.234.171.84/manual/.x/

Complete directory listing, very nice ;-)

...


Looking there, I downloaded a "lk" file. It is a tar.gz file in reality. It is definitely a rootkit. It contains a new crond, login, ps, etc. If the end result weren't so sickening, this would be exciting (academically speaking).

Kevin


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here