Full Disclosure mailing list archives

a little help needed with identifying a rootkit


From: Feher Tamas <etomcat () freemail hu>
Date: Tue, 3 Feb 2004 18:39:04 +0100 (CET)

The SuSE security list is having a little discussion about a
possible hacked SuSE 8.2 machine. There is a rather big
chance the system has been injected with a script which
downloaded stuff from here:
http://218.234.171.84/manual/.x/

This is what Kaspersky AV with latest update says:

DO.PL   infected: Backdoor.Perl.Doopel
I.TXT   infected: Backdoor.PHP.Pokeman
II.TXT  infected: Backdoor.PHP.Pokeman
R.PL    infected: Backdoor.Perl.Perlooper
RHS     infected: Backdoor.Linux.Krepper
CROND   infected: Trojan.Linux.Rootkit.o
LOGIN   infected: Trojan.Linux.Rootkit.o
PSTREE  infected: Trojan.Linux.Rootkit.o

Regards: Tamas Feher.
