Security Incidents mailing list archives

Re: Suspicious files in /tmp

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Tue, 19 Jun 2007 01:10:06 +0300 (EEST)

I have received a Virus Alert notification message from my webmail provider informing about a malware in my Inbox.
This is the reason I never received the first message of this thread (webmail company deleted the message).
Unfortunately, I don't remember the exact name of malware reported but 'Perl' was included to the malware name.

- Juha-Matti

"Matt D. Harris" <mdh () solitox net> wrote:

They're being executed despite filesystem mount options because thescript isn't being executed, the perl interpretter is.

--clip--

kladizkov.thehome wrote:
> Hi,
>> My firewall LFD, pulled out three perl scripts from /tmp. It was found
> to be executing in my server. I have attached the scripts along with
> this mail. Is this issue familiar to anyone?
>> How can a script uploaded to /tmp be executed when it has noexec privilege?>>> ------------------------------------------------------------------------>> -------------------------------------------------------------------------
> This list sponsored by: SPI Dynamics
>> ALERT: .How a Hacker Launches a SQL Injection Attack!.- White Paper> It's as simple as placing additional SQL commands into a Web Form input box> giving hackers complete access to all your backend systems! Firewalls and IDS> will not stop such attacks because SQL Injections are NOT seen as intruders.> Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!>> https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8E
> --------------------------------------------------------------------------



-------------------------------------------------------------------------
This list sponsored by: SPI Dynamics

ALERT: .How a Hacker Launches a SQL Injection Attack!.- White PaperIt's as simple as placing additional SQL commands into a Web Form input boxgiving hackers complete access to all your backend systems! Firewalls and IDSwill not stop such attacks because SQL Injections are NOT seen as intruders.Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8E
--------------------------------------------------------------------------

Current thread:

Re: Suspicious files in /tmp, (continued)
- - Re: Suspicious files in /tmp Rainer Duffner (Jun 19)
  - Re: Suspicious files in /tmp Robin Sheat (Jun 19)
    - Re: Suspicious files in /tmp Valdis . Kletnieks (Jun 20)
    - RE: Suspicious files in /tmp Thyago Braga da Silva (Jun 21)
    - RE: Suspicious files in /tmp kaneda (Jun 21)
    - Re: Suspicious files in /tmp Eduardo Tongson (Jun 22)
  - Re: Suspicious files in /tmp Remko Lodder (Jun 21)
    - Re: Suspicious files in /tmp Cy Schubert (Jun 21)
- Re: Suspicious files in /tmp Jamie Riden (Jun 18)
- Re: Suspicious files in /tmp Jamie Riden (Jun 18)
- Re: Suspicious files in /tmp Juha-Matti Laurio (Jun 19)