Re: ptrace24 - How It apeared in my box?

["Jeremy Gaddis" <jeremy () gaddis org>]

Jairo Tcatchenco writes: 

>    Using chkrootkit tool, I found a root kit inside my box. A door was 
> opened and I haven't found yet how they putted it there (there is a folder 
> in tmp, called ..\ \ \ with a lot of malicious files). I left just the 
> basic doors opened (ntp, domain, ssh, http, https).  Could someone explain 
> how they putted it there?

They gain shell access to your box, then used FTP or wget or
similar to transfer ptrace24 to your box, which they then ran
and gained root. 

Congratulations, you've just been hacked! 

j. 

--
Jeremy L. Gaddis   <jeremy () gaddis org>   <http://www.gaddis.org> 



---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
    
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
         
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------