IDS mailing list archives

Openssl-brute tool trojan warning


From: "director, packetstormsecurity.org" <director () packetstormsecurity org>
Date: Fri, 25 Oct 2002 15:23:07 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On October 23, openssl-brute.tgz was added to the Packet Storm exploit
tool section. This is an OpenSSL remote exploit tool for OpenSSL
versions 0.9.6d and below running under Linux and BSD, with brute
forcing capability added to it.

It appears to work normally when run as a normal user. However, if run as
root it creates the following files in /tmp:

.t - FTP script that attempts to FTP files to ftp.angelfire.com
.js - /etc/passwd /etc/shadow
.jp - /etc/shadow
.file - Output of netstat -ant
.d - Output of netstat -ant

Also adds an account named "postgres".

The file in question is available for analysis at
http://packetstormsecurity.org/removed.

The file openssl-brute.tgz has the following MD5 hash:
221b200e29956489c5a5baff2b532a1f

The Packet Storm staff sincerely apologizes for any inconvenience this
has caused.  We would also like to thank Rootkid for the timely
notification of the problem.

***
"Our security is not a matter of weapons alone. The arm that wields them
must be strong, the eye that guides them clear, the will that directs
them indomitable." Franklin D. Roosevelt

Emerson Tan
http://www.packetstormsecurity.org
director () packetstormsecurity org
PGP public key from http://pgpkeys.mit.edu, or on request
PGP key fingerprint: 7A34 BF8D F7AB A6FC F242  80F9 5896 5A2E E23D 05AD


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
Comment: Using PGP with Mozilla - http://enigmail.mozdev.org

iQA+AwUBPblTqViWWi7iPQWtEQJuDQCYjKty6xiAMElTjpWjJJEbUf6LhwCdE63o
/jYqVMm2OdzSWwDVTLQ06Jk=
=KGkZ
-----END PGP SIGNATURE-----
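
A host check for the indicators listed in the advisory above, as an added example that is not part of the original message or any Packet Storm tooling. The function names and the optional ROOT argument (for checking a mounted disk image instead of the live system) are assumptions of this example. A legitimate PostgreSQL install also creates a "postgres" account, so that hit calls for review and is not conclusive on its own.

```shell
#!/bin/sh
# Added example: look for the indicators named in the advisory.
# Values below are copied from the advisory text.
BAD_MD5="221b200e29956489c5a5baff2b532a1f"   # MD5 of openssl-brute.tgz
DROPPED=".t .js .jp .file .d"                # file names created in /tmp

# Print every advisory file name present under ROOT/tmp.
# Returns 0 if at least one exists, 1 otherwise.
find_dropped_files() {
    root="${1:-/}"; found=1
    for name in $DROPPED; do
        path="${root%/}/tmp/$name"
        # -L also catches a dangling symlink with one of these names
        if [ -e "$path" ] || [ -L "$path" ]; then
            echo "FOUND $path"
            found=0
        fi
    done
    return "$found"
}

# Returns 0 if ROOT/etc/passwd contains an account named "postgres".
has_postgres_account() {
    root="${1:-/}"
    grep -q '^postgres:' "${root%/}/etc/passwd" 2>/dev/null
}

# Returns 0 only if FILE exists and its MD5 equals the advisory's hash.
is_trojaned_tarball() {
    [ -f "$1" ] || return 1
    sum=$(md5sum "$1" | cut -d' ' -f1)
    [ "$sum" = "$BAD_MD5" ]
}

# Runs both host checks; exit status is the number of indicator types hit.
check_host() {
    root="${1:-/}"; hits=0
    if find_dropped_files "$root"; then hits=$((hits + 1)); fi
    if has_postgres_account "$root"; then
        echo "REVIEW postgres account present (confirm it came from PostgreSQL)"
        hits=$((hits + 1))
    fi
    return "$hits"
}

# Usage: sh check.sh --run [ROOT]   (ROOT defaults to /)
if [ "${1:-}" = "--run" ]; then check_host "${2:-/}"; fi
```

The file names are short and generic, so a hit in /tmp is a prompt to inspect the file contents against the advisory's descriptions, not proof of compromise.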


