Bugtraq mailing list archives
Re: what is this?
From: Denis <sp23 () internode on net>
Date: Tue, 15 Jan 2008 16:16:03 +1100
This is a very serious new threat affecting Linux servers and thousands of boxes have been compromised since December 2007. Each box serving the nasty javascript has been rooted. One person has found a way to CLEAN the infection (ie. stop your server from serving the bad javascript), however not the root hole ie. the servers in question are still rooted as nobody so far has found what hole is being exploited to gain root access in the first place. See the following urls for a lot more info on this exploit: http://www.webhostingtalk.com/showthread.php?t=651748 (useful discussion starts on page 3 or so) http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/ Time for some honey pot action to find out how they're gaining root access to begin with. From all reports so far it does not appear to be a kernel vulnerability (as some of the affected servers were using latest kernels) Cheers, Denis On Sun, 13 Jan 2008 21:31:34 +0530 "crazy frog crazy frog" <i.m.crazy.frog () gmail com> wrote: ---> Hi, ---> ---> Recently on opening one of my site,my antivirus pops up saying that it ---> has found on malicious script.the url is random and i have managed to ---> get tht script.it is using some flaw in apple quick time. ---> u can get the zip file for java script here: ---> http://secgeeks.com/what.zip ---> password is 12345 ---> can somebody guide/help me what is this and how can i remove it? ---> ---> -- ---> advertise on secgeeks? ---> http://secgeeks.com/Advertising_on_Secgeeks.com ---> http://newskicks.com Denis
Current thread:
- Re: what is this?, (continued)
- Re: what is this? Robert McArdle (Jan 14)
- Re: [Full-disclosure] what is this? 3APA3A (Jan 14)
- Re: [Full-disclosure] what is this? Nick FitzGerald (Jan 14)
- Re: [Full-disclosure] what is this? crazy frog crazy frog (Jan 14)
- Re: [Full-disclosure] what is this? Nick FitzGerald (Jan 14)
- Re: what is this? Jose Nazario (Jan 14)
- Re: what is this? crazy frog crazy frog (Jan 14)
- RE: what is this? Mario Contestabile (Jan 14)
- Re[2]: [Full-disclosure] what is this? 3APA3A (Jan 14)
- Message not available
- Re: what is this? Robert McArdle (Jan 14)
- Re: what is this? Gadi Evron (Jan 14)
- Re: what is this? Denis (Jan 15)
- Re: what is this? crazy frog crazy frog (Jan 15)
- Re: [Full-disclosure] what is this? Nick FitzGerald (Jan 15)
- Re: [Full-disclosure] what is this? crazy frog crazy frog (Jan 15)
- Re: [Full-disclosure] what is this? Gadi Evron (Jan 15)
- Re: [Full-disclosure] what is this? crazy frog crazy frog (Jan 15)
- Re: what is this? crazy frog crazy frog (Jan 15)
- Re[2]: what is this? none (Jan 15)
- Re[2]: what is this? Denis (Jan 15)
- Re[2]: what is this? Denis (Jan 15)