Security Incidents mailing list archives
Re: Rooted, .haos on system
From: zeno <bugtraq () cgisecurity net>
Date: Mon, 16 Dec 2002 16:27:10 -0500 (EST)
Hey.. From what I can see you've been rooted by this "group" called hoax. They probably just had some rootkit laying around. All very simple. But still you need to take to take action, my guess is that those guys aren't pros. Run chkrootkit (ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz) for
A new version of this is coming out this month I'm told for anybody who cares. - zeno () cgisecurity com
backdoors/infected binaries. and you really need to check your local security. I don't know what your situation is like but I would've shut down most of my services/users and start looking for backdoors/traces and such. Feel free to send me those tarballs if you want, I could browse em through quick. // Mattias HedenskogI've just received word that one of our customers was rooted, and he's asking about the file ".haos". Nothing rings any bells, has anyone heard of it? --------------------------------------------------------------------------- - This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com-- irc:tsixla@efnet,irscnet mail:tsixla () antisec net http://tsixla.antisec.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Rooted, .haos on system, (continued)
- Re: Rooted, .haos on system Damian Gerow (Dec 16)
- Re: Rooted, .haos on system Mike Katz (Dec 16)
- Re: Rooted, .haos on system zeno (Dec 16)
- Re: Rooted, .haos on system Carlos Eduardo Pedroza Santiviago (Dec 16)
- Re: Rooted, .haos on system Damian Gerow (Dec 16)
- Message not available
- Re: Rooted, .haos on system Julian Young (Dec 17)
- New CIFS (port 445) worm? David Gillett (Dec 17)
- Re: New CIFS (port 445) worm? Zen (Dec 17)
- Re: Rooted, .haos on system Damian Gerow (Dec 16)
- Re: Rooted, .haos on system zeno (Dec 16)