Security Incidents mailing list archives

New breed of Linux w0rmkit


From: Arthur Donkers <arthur () reseau nl>
Date: Tue, 22 May 2001 09:15:23 +0200

Hi All,

Look what we found in our honeypot this morning:

A new breed of the Linux w0rmkit that uses the adore module to hide itself.
The backdoor listens on 12345 and is a 1.2.26 sshd with a preprogrammed
password of h4ck3d!

It is a more advanced version of the earlier w0rmkit since it uses the
adore kernel-based rootkit and chattr to make itself permanent on a system.
It exploits the usual Linux vulnerabilities (the same scanner as w0rmkit)
to gain access.

Grtz,

Arthur

--
/* Disclaimer :   you hire my skills, not my opinions, those are mine !    */
/* email : arthur () reseau nl    Security    'Me ? I'm not me ! I'm just a   */
/* phone : (+31) 50 549 2701   is not a     computer simulation of me'     */
/* URL http://www.reseau.nl   dirty word      Red Dwarf, First Episode     */
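
Added example, not part of the original post: a Python sketch of checks for the three traits reported above (an sshd 1.2.26 listener on port 12345, chattr-protected files, and adore hiding things from local tools). It assumes the standard SSH identification string layout "SSH-<protocol>-<software>" and standard lsattr output; the function names and the sample data are constructed for illustration.

```python
import socket

BACKDOOR_PORT = 12345      # port named in the post
BACKDOOR_SSHD = "1.2.26"   # sshd version named in the post

def grab_banner(host, port=BACKDOOR_PORT, timeout=3.0):
    """Return the first line a service sends, or None if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(256).decode("ascii", "replace").strip()
    except OSError:
        return None

def classify_banner(port, banner):
    """Score an SSH identification string 'SSH-<proto>-<software>'."""
    if not banner or not banner.startswith("SSH-"):
        return "not-ssh"
    parts = banner.split("-", 2)
    software = parts[2] if len(parts) == 3 else ""
    if port == BACKDOOR_PORT and software.startswith(BACKDOOR_SSHD):
        return "matches-post"
    if port == BACKDOOR_PORT:
        return "ssh-on-backdoor-port"
    return "ssh"

def immutable_files(lsattr_output):
    """Paths whose lsattr flags include i (immutable) or a (append-only)."""
    hits = []
    for line in lsattr_output.splitlines():
        fields = line.split(None, 1)
        # Skip lsattr's own error lines, which also start with a word.
        if len(fields) == 2 and not line.startswith("lsattr:"):
            flags, path = fields
            if "i" in flags or "a" in flags:
                hits.append(path)
    return hits

def hidden_listeners(ports_open_from_network, ports_reported_locally):
    """Ports reachable from outside that the host's own tools do not list."""
    return sorted(set(ports_open_from_network) - set(ports_reported_locally))

# Constructed sample lsattr output, not taken from the post.
SAMPLE_LSATTR = """\
-------- /bin/ls
----i--- /usr/bin/example-a
-----a-- /etc/example-b
"""
```

Run grab_banner and the port comparison from a second, trusted machine, and take lsattr output from trusted boot media where possible, since a kernel rootkit can falsify what the suspect host reports about itself.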

