Security Incidents mailing list archives
New breed of Linux w0rmkit
From: Arthur Donkers <arthur () reseau nl>
Date: Tue, 22 May 2001 09:15:23 +0200
Hi All, Look what we found in our honeypot this morning: A new breed of the Linux w0rmkit that uses the adore module to hide itself. The backdoor listens on 12345 and is a 1.2.26 sshd with a preprogrammed password of h4ck3d! It is a more advanced version of the earlier w0rmkit since it uses the adore kernel based rootkit and chattr to make itself permanent on a system. It exploits the usual Linux vulnerabilities (the same scanner as w0rmkit) to gain access. Grtz, Arthur -- /* Disclaimer : you hire my skills, not my opinions, those are mine ! */ /* email : arthur () reseau nl Security 'Me ? I'm not me ! I'm just a */ /* phone : (+31) 50 549 2701 is not a computer simulation of me' */ /* URL http://www.reseau.nl dirty word Red Dwarf, First Episode */
Current thread:
- New breed of Linux w0rmkit Arthur Donkers (May 22)