Re: Rooted, .haos on system

[zeno <bugtraq () cgisecurity net>]

> Hey..
> From what I can see you've been rooted by this "group" called hoax. They 
> probably just had some rootkit laying around. All very simple. But still you 
> need to take to take action, my guess is that those guys aren't pros. Run 
> chkrootkit (ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz) for 


A new version of this is coming out this month I'm told for anybody who cares. 

- zeno () cgisecurity com 



> backdoors/infected binaries. and you really need to check your local 
> security. I don't know what your situation is like but I would've shut down 
> most of my services/users and start looking for backdoors/traces and such. 
> Feel free to send me those tarballs if you want, I could browse em through 
> quick.
>
> // Mattias Hedenskog
>
> > I've just received word that one of our customers was rooted, and he's
> > asking about the file ".haos".  Nothing rings any bells, has anyone heard
> > of it?
> >
> > ---------------------------------------------------------------------------
> > - This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see: http://aris.securityfocus.com
>
> -- 
> irc:tsixla@efnet,irscnet
> mail:tsixla () antisec net 
> http://tsixla.antisec.net
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com