Re: Machine compromised, rootkit and DDoS tools installed.

[Ben Belchak <bbelchak () IBASESYSTEMS COM>]

The AUP/Member Conduct page for Hotmail can be found at
http://lc5.law5.hotmail.passport.com/cgi-bin/dasp/hminfo_shell.asp?_lang=EN&content=nospam&id=2&ct=969903757

Sections B, D, E, and F seem particularly relevant to this type of
question.

On Mon, 25 Sep 2000, Incidents Mailing List wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> At 04:56 PM 9/21/00 -0500, Jeremy L. Gaddis wrote:
>
> > Oh, one last bit, a file named "shitc.tgz" was found on the
> > filesystem.  I also noticed a message in sendmail's logs
> > from root to "shitc () altavista com."
>
>
> Interesting.
>
> I had the displeasure of dealing with the "shitc" (??) rootkit.
>
> I'm still poking around the various bins, and i don't have a Linux box
> handy to test it all on, but at first glance i did not see any TFN daemons
> in my copy.
>
> I noticed alot of "script-kids" are getting hotmail & yahoo accounts for
> "reconnissance".
>
> I wonder what their AUP says about that?
>
>
>
>
> Regards,
>
> Chris
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOc+0lCEx0akmf5vwEQITWgCgvdiHASOgNnvcgazoGqXluRREw4MAoIe/
> yIZC6SpkaYlE7d4FIjfM6vgf
> =xcwW
> -----END PGP SIGNATURE-----

--
Ben Belchak
Consultant, UNIX Systems Administration
iBase Systems
bbelchak () ibasesystems com
-------------------------
Every Horse has an Infinite Number of Legs (proof by intimidation):

Horses have an even number of legs.  Behind they have two legs, and in
front they have fore-legs.  This makes six legs, which is certainly an
odd number of legs for a horse.  But the only number that is both even
and odd is infinity.  Therefore, horses have an infinite number of
legs.  Now to show this for the general case, suppose that somewhere,
there is a horse that has a finite number of legs.  But that is a horse
of another color, and by the lemma ["All horses are the same color"],
that does not exist.