RE: Strange connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Well, I wad in the progres to reinstall that box anyway, so it's not a big
deal.
This is the first time I unwillingly and unknowingly was hacked, it's
obviously a new experience.

Just a thought, one of the url's that planted these things is still
active, I should report it I think.

With best regards

Tomas Larsson
Sweden

Verus Amicus Est Tamquam Alter Idem

> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx 
> [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Scot L. Harris
> Sent: Wednesday, July 20, 2005 3:21 AM
> To: For users of Fedora Core releases
> Subject: Re: Strange connection
> 
> 
> On Tue, 2005-07-19 at 20:57, jdow wrote:
> > From: "Tomas Larsson" <ktl@xxxxxxxxxx>
> > 
> > > gulie.tgz, this one is clearly a virys, symantec calls it 
> > > "Linux.RST.B"
> > > 
> > > The others is
> > > 
> > > cycomm.tar.gz
> > > roots.tar
> > > 
> > > Haven't got a clue what it is, but I don't think they are nice.
> > > 
> > > Now, the big question is, will they affect other boxes on the 
> > > network as well. I assume that the XP-Boxes should be alright.
> > 
> > Assume NOTHING. It could be setup now to spread Windows 
> viruses. Make 
> > sure all the other machines on your network are not infected. 
> > Basically you're toast, I fear.
> 
> While it is not impossible it is unlikely.  They were most 
> likely looking to take control to setup a spam bot or jumping 
> off point to attempt take over of other unix systems.  
> 
> But it is a good idea to sweep all other systems.  
> 
> Note: this is not your typical virus.  An exploit in an 
> application, most likely phpBB, was used to load code on the 
> system.  This was then executed to either attempt connection 
> to a control channel or elevate privileges.  
> 
> Either way it requires a bare metal install to make sure it 
> is cleaned out.
> 
> 
> -- 
> Scot L. Harris
> webid@xxxxxxxxxx
> 
> If I can have honesty, it's easier to overlook mistakes.
> 		-- Kirk, "Space Seed", stardate 3141.9 
> 
> -- 
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> 

Attachment: smime.p7s
Description: S/MIME cryptographic signature


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux