Security Incidents mailing list archives
.baa0xdd1r??
From: SecLists <lists () secure stargate net>
Date: Mon, 30 Jul 2001 11:48:05 -0400 (EDT)
We have a customer's system that we believe was hacked...

in /var/tmp there is a binary file: .baa0xdd1r
it appears to have replaced /usr/sbin/in.telnetd
/bin/login also appears suspect...

this is:

bash-2.01# uname -a
SunOS xxxxxxx 5.6 Generic_105181-06 sun4u sparc SUNW,Ultra-1

does this sound like a familiar rootkit? or is something totally new?

we are still gathering info but I wanted to post this soon in the chance that someone has dealt with this before.. don't want to have to reinvent the wheel...

thanks,
shawn

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com