On Tue, 2005-07-19 at 20:57, jdow wrote:
> From: "Tomas Larsson" <ktl@xxxxxxxxxx>
>
> > gulie.tgz, this one is clearly a virus, Symantec calls it "Linux.RST.B"
> >
> > The others are
> >
> > cycomm.tar.gz
> > roots.tar
> >
> > Haven't got a clue what it is, but I don't think they are nice.
> >
> > Now, the big question is, will they affect other boxes on the network as
> > well. I assume that the XP-Boxes should be alright.
>
> Assume NOTHING. It could be set up now to spread Windows viruses. Make
> sure all the other machines on your network are not infected. Basically
> you're toast, I fear.

While it is not impossible, it is unlikely. They were most likely
looking to take control to set up a spam bot or jumping-off point to
attempt takeover of other unix systems. But it is a good idea to sweep
all other systems.

Note: this is not your typical virus. An exploit in an application,
most likely phpBB, was used to load code on the system. This was then
executed to either attempt connection to a control channel or elevate
privileges. Either way it requires a bare metal install to make sure it
is cleaned out.

--
Scot L. Harris
webid@xxxxxxxxxx

If I can have honesty, it's easier to overlook mistakes.
		-- Kirk, "Space Seed", stardate 3141.9