Security Basics mailing list archives

Chkrootkit finds bindshell

From: "Phil Cryer" <phil () cryer us>
Date: Mon, 22 Aug 2005 09:58:00 -0500

On:

[root@pepe /usr/local/www/data]# uname -a
FreeBSD pepe.cryer.us 6.0-CURRENT-SNAP004 FreeBSD 6.0-CURRENT-SNAP004 #0: Thu Jun  2 06:12:51 UTC 2005     root () wv1u 
samsco home:/usr/obj/usr/src/sys/GENERIC  i386

chkrootkit found:
Checking `bindshell'... INFECTED (PORTS:  465)

Googling finds that it's often a 'false positive'.  What is the concensus from this group?  What should be done?

P

"You teach best what you most need to learn." - Richard Bach

Current thread:

Chkrootkit finds bindshell Phil Cryer (Aug 23)
- <Possible follow-ups>
- RE: Chkrootkit finds bindshell Keith Bucher (Aug 23)
  - Re: Chkrootkit finds bindshell Esteban B. (Aug 24)
- Re: Chkrootkit finds bindshell Phil Cryer (Aug 23)