Well, I was in the process of reinstalling that box anyway, so it's not a big deal.
This is the first time I unwillingly and unknowingly was hacked, it's obviously a new experience.

Just a thought, one of the URLs that planted these things is still active, I should report it I think.

With best regards

Tomas Larsson
Sweden

Verus Amicus Est Tamquam Alter Idem

> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx
> [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Scot L. Harris
> Sent: Wednesday, July 20, 2005 3:21 AM
> To: For users of Fedora Core releases
> Subject: Re: Strange connection
>
>
> On Tue, 2005-07-19 at 20:57, jdow wrote:
> > From: "Tomas Larsson" <ktl@xxxxxxxxxx>
> >
> > > gulie.tgz, this one is clearly a virus, Symantec calls it
> > > "Linux.RST.B"
> > >
> > > The others are
> > >
> > > cycomm.tar.gz
> > > roots.tar
> > >
> > > Haven't got a clue what it is, but I don't think they are nice.
> > >
> > > Now, the big question is, will they affect other boxes on the
> > > network as well. I assume that the XP-Boxes should be alright.
> >
> > Assume NOTHING. It could be set up now to spread Windows viruses. Make
> > sure all the other machines on your network are not infected.
> > Basically you're toast, I fear.
>
> While it is not impossible it is unlikely. They were most
> likely looking to take control to set up a spam bot or jumping
> off point to attempt takeover of other unix systems.
>
> But it is a good idea to sweep all other systems.
>
> Note: this is not your typical virus. An exploit in an
> application, most likely phpBB, was used to load code on the
> system. This was then executed to either attempt connection
> to a control channel or elevate privileges.
>
> Either way it requires a bare metal install to make sure it
> is cleaned out.
>
>
> --
> Scot L. Harris
> webid@xxxxxxxxxx
>
> If I can have honesty, it's easier to overlook mistakes.
> -- Kirk, "Space Seed", stardate 3141.9
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list