Security Incidents mailing list archives
RE: Remote Shell Trojan: Threat, Origin and the Solution
From: Jonathan Rickman <jonathan () xcorps net>
Date: Mon, 10 Sep 2001 16:46:41 -0400 (EDT)
On Mon, 10 Sep 2001, Matt Block wrote:
It compiles the executable (using a potentially compromized gcc, ld, etc.) and copies it (using a potentially compromized cp)
I think this needs to be emphasized...just in case anyone missed it. "using a potentially compromised gcc, ld, etc." "using a potentially compromised cp" And, unless I'm mistaken, the resulting executable will then proceed to re-infect everything after cleaning it first. Social engineering, or major oversight??? -- Jonathan Rickman X Corps Security http://www.xcorps.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Remote Shell Trojan: Threat, Origin and the Solution kai takashi (Sep 10)
- Re: Remote Shell Trojan: Threat, Origin and the Solution Nick FitzGerald (Sep 10)
- Re: Remote Shell Trojan: Threat, Origin and the Solution Kevin Gagel (Sep 10)
- Re: Remote Shell Trojan: Threat, Origin and the Solution Patrick Andry (Sep 10)
- <Possible follow-ups>
- RE: Remote Shell Trojan: Threat, Origin and the Solution John Stauffacher (Sep 10)
- RE: Remote Shell Trojan: Threat, Origin and the Solution Matt Block (Sep 10)
- RE: Remote Shell Trojan: Threat, Origin and the Solution Jonathan Rickman (Sep 10)
- RE: Remote Shell Trojan: Threat, Origin and the Solution Matt Block (Sep 10)