Bugtraq mailing list archives

Quota Trojan

From: jordy () newport thirdwave net (Jordy)
Date: Wed, 24 Jul 1996 02:04:23 -0500


I thought i'd respond to the little quota trojan that has been cycling
around. Yes, this program will mail user on thirdwave named 'tsk' [who
doesn't exist], a whole bunch of nasty files [/etc/passwd, NIS database
files, etc], and set your .rhosts file so anyone could log in. The little
program was reported to CERT roughly 4 months ago and an effort was made
to notify all administrators of the immediatly affected sites to tell
their users not to run it.

I'm sure if you try hard enough, you could get CERT to release the
information on it. I did authorize for anything they wish to release to be
released, but so far, they have declined the right.

Jordy
            ,''~``.                              ,''``~.
            ( o o )                             ,( o o ),
    /--.oooO--(_)--Oooo.--------------------.oooO--(_)--Oooo.---\
    |               http://www.thirdwave.net/~jordy/            |
    | There are people in this world that look at art but can't |
    |   see it. There are also people who listen to music but   |
    |    don't hear it.  I feel sorry for those who look and    |
    |     listen and envious of those who can see and hear.     |
    |    .oooO                                        Oooo.     |
    |    (   )   Oooo.   jordy () thirdwave net  .oooO   (   )     |
    \-----\ (----(   )------------------------(   )--- ) /------/
           \_)    ) /                          \ (    (_/
                 (_/                            \_)

Current thread:

Re: vulnerability in vi under AIX 3.2 David A. Curry (Jul 23)
- Quota Trojan Jordy (Jul 24)
- <Possible follow-ups>
- Re: vulnerability in vi under AIX 3.2 Max Bloomfield (Jul 24)
  - Re: vulnerability in vi under AIX 3.2 Bill Pemberton (Jul 24)
  - CERT Advisory CA-96.14 - Vulnerability in rdist CERT Advisory (Jul 24)