On Wed, Apr 27, 2005 at 05:14:51PM +0200, Daniel Kirsten wrote: > Yesterday, I examined the directory ~daikanyama/.undernet and probably I > executed mech as root. The file mech is indeed infected by Linux/Rst-B. > This explains everything....... > Does anyone know whether .undernet/mech has another purpose than > distributing the Linux/Rst-B virus??? It looks like an IRC bot. I imagine the script kiddies who broke into your machine weren't even aware that the files are infected. (Or maybe, they were hoping you'd find them and execute them and make the virus spread to root, giving them a backdoor. But I bet that's giving too much credit.) -- Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> Current office temperature: 80 degrees Fahrenheit.
