Bugtraq mailing list archives
Quota Trojan
From: jordy () newport thirdwave net (Jordy)
Date: Wed, 24 Jul 1996 02:04:23 -0500
I thought i'd respond to the little quota trojan that has been cycling around. Yes, this program will mail user on thirdwave named 'tsk' [who doesn't exist], a whole bunch of nasty files [/etc/passwd, NIS database files, etc], and set your .rhosts file so anyone could log in. The little program was reported to CERT roughly 4 months ago and an effort was made to notify all administrators of the immediatly affected sites to tell their users not to run it. I'm sure if you try hard enough, you could get CERT to release the information on it. I did authorize for anything they wish to release to be released, but so far, they have declined the right. Jordy ,''~``. ,''``~. ( o o ) ,( o o ), /--.oooO--(_)--Oooo.--------------------.oooO--(_)--Oooo.---\ | http://www.thirdwave.net/~jordy/ | | There are people in this world that look at art but can't | | see it. There are also people who listen to music but | | don't hear it. I feel sorry for those who look and | | listen and envious of those who can see and hear. | | .oooO Oooo. | | ( ) Oooo. jordy () thirdwave net .oooO ( ) | \-----\ (----( )------------------------( )--- ) /------/ \_) ) / \ ( (_/ (_/ \_)
Current thread:
- Re: vulnerability in vi under AIX 3.2 David A. Curry (Jul 23)
- Quota Trojan Jordy (Jul 24)
- <Possible follow-ups>
- Re: vulnerability in vi under AIX 3.2 Max Bloomfield (Jul 24)
- Re: vulnerability in vi under AIX 3.2 Bill Pemberton (Jul 24)
- CERT Advisory CA-96.14 - Vulnerability in rdist CERT Advisory (Jul 24)