Security Incidents mailing list archives

!!!Linux ELF infector!!!

From: destroyerb () HOTMAIL COM (dEStr0YEr)
Date: Sat, 22 Apr 2000 01:52:51 +0300


Hi there!

  Well, f0lks, this is a small(maybe simple) infect0r, which
 has been written only for pr0be, I mean that this infect0r
 is begin!!! T0 be continue...
 Infector works properly only with *.s-n files s0rryyyy :(
 but it works!!! And we almost have written complete virus for Linux.
 By the way, coming soon! ;)
  S0rry for this assem, particularly for file c0py ;) And please,
 close your eyes 0n 0ptimization, Virus is comming and it will s0lve all!

     P.S. We're waiting all your suggestion
          and info, which can help us to complete it, because
          we have enough ideas but haven't informati0n

          Is anybody who want coding with us? If so, then
destroyerb () hotmail com

<HR NOSHADE>
<UL>
<LI>application/octet-stream attachment: macroses.inc
</UL>

<HR NOSHADE>
<UL>
<LI>application/octet-stream attachment: main.s
</UL>

Current thread:

RH6.1/IPChains box hacked, (continued)
- - - RH6.1/IPChains box hacked J. J. Horner (Apr 20)
    - Re: RH6.1/IPChains box hacked Jon Lewis (Apr 21)
    - Re: RH6.1/IPChains box hacked mad () STUDENTS ZCU CZ (Apr 21)
    - Re: RH6.1/IPChains box hacked Del Elson (Apr 24)
    - Re: Rooted through in.identd on Red Hat 6.0 Cold Fire (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 Jose Nazario (Apr 21)
    - Re: Rooted through in.identd on Red Hat 6.0 Richard Wash (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 J. J. Horner (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 Del Elson (Apr 21)
    - Re: Rooted through in.identd on Red Hat 6.0 jms (Apr 21)
    - !!!Linux ELF infector!!! dEStr0YEr (Apr 21)
    - Re: !!!Linux ELF infector!!! John Flux (Apr 24)
    - BIND 8.2.2.-P3, 0-day exploit Patrick Oonk (Apr 22)
    - Re: BIND 8.2.2.-P3, 0-day exploit Jon Lewis (Apr 24)
    - Re: BIND 8.2.2.-P3, 0-day exploit kj (Apr 24)
    - Odd snmp scans from 10.0.0.0/8 address ??? Russell Fulton (Apr 25)
    - Re: BIND 8.2.2.-P3, 0-day exploit Stone (Apr 26)
    - Re: BIND 8.2.2.-P3, 0-day exploit Ryan Russell (Apr 27)
    - Re: BIND 8.2.2.-P3, 0-day exploit Patrick Oonk (Apr 27)
    - regulary 137 and 524 port scan Cho Yongsang (Apr 27)
    - huge scans from www.oix.com jose (Apr 28)

(Thread continues...)