Security Incidents mailing list archives

Re: I Was rooted


From: Michal Nazarewicz <cefek () CAREER PL>
Date: Sat, 22 Jul 2000 13:43:19 +0200

Monday, Andrew Heath wrote:

AH>as well as the sshd and sshd2, which seems a bit strange.  Things that it
AH>does that don't make sense to me include trojaning named,  stopping and
AH>deleting portmap, smbd, and nmbd, and removing the imap entry from
AH>inetd.conf.  It also adds a binary "myserver" into lib which seems to be a

That's a kind of kiddie security tightening. This script blindly deletes
services that may contain security holes. Crackers don't like it when
somebody else gets at their owned machine, so the best way to
accomplish this is to remove potentially exploitable holes.

Could you please upload this rootkit to any website?

--
Michal 'CeFeK' Nazarewicz   / CAOL, DK GROUP SYSADMIN ^ NETADMIN         B
ICQ 47171266 / +48 (601) CEFEK 0 / http://www.dkgroup.pl/index.html      O
mailto:cefek at saydk dot co dot uk / MN4735-RIPE / Pengiun #164007      F
The best way to accelerate a Macintoy is 9.8 meters per second, squared. H

