Security Incidents mailing list archives
Re: New Rootkit?
From: Jeffrey Denton <dentonj () c2i2 com>
Date: Thu, 16 Oct 2003 12:19:38 -0700 (MST)
$ strings server
. . .
200.241.173.21
Must be ran as root.
socket
bind
setsockopt
newserver
stream
ping
pong
fork
Forked into background, pid %d
./at 0 %s 1 65535 1 %d 1>/dev/null 2>/dev/null
server.c
/usr/.xmag/mstream/
. . .

http://staff.washington.edu/dittrich/misc/mstream.analysis.txt

The strings fingerprint is similar. You may want to look at what else is
in the /usr/.xmag directory.

dentonj
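Added example, not part of the original message or thread: a small triage script that extracts printable strings from a binary and scores them against the distinctive strings quoted in the output above. The marker selection, the 0.5 threshold, the function names and both sample byte strings are assumptions made for illustration.

```python
import re
import sys

# Distinctive strings copied from the `strings server` output quoted above.
# Generic names from that output (socket, bind, fork, ping, pong, stream) are
# left out on purpose: they appear in most network daemons and would match
# unrelated binaries.
MARKERS = [
    b"Must be ran as root.",
    b"newserver",
    b"Forked into background, pid %d",
    b"1>/dev/null 2>/dev/null",
    b"server.c",
    b"/usr/.xmag/mstream/",
]

def printable_strings(data, min_len=4):
    """Yield runs of printable ASCII of at least min_len bytes, roughly like strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    for match in pattern.finditer(data):
        yield match.group()

def fingerprint(data, markers=MARKERS, threshold=0.5):
    """Return matched markers, the fraction matched, and a verdict (threshold is an assumption)."""
    found = list(printable_strings(data))
    hits = [m for m in markers if any(m in s for s in found)]
    score = len(hits) / len(markers)
    return {"hits": hits, "score": score, "match": score >= threshold}

# Constructed sample data (not taken from any real binary).
SAMPLE_SUSPECT = (
    b"\x7fELF\x01\x01\x00" + b"\x00" * 9 +
    b"Must be ran as root.\x00socket\x00bind\x00newserver\x00"
    b"Forked into background, pid %d\x00server.c\x00\x01\x02"
)
SAMPLE_BENIGN = b"\x7fELF\x00socket\x00bind\x00fork\x00ping\x00usage: %s host\x00"

if __name__ == "__main__":
    # Usage: python fingerprint.py <file> [<file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = fingerprint(fh.read())
        shown = [h.decode() for h in result["hits"]]
        print(f"{path}: score={result['score']:.2f} match={result['match']} hits={shown}")
```

A match is only a lead for further examination of the file and its directory, since strings in a binary are trivially changed or removed.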