Security Incidents mailing list archives
Re: new SunOS 5 rootkit? (fwd)
From: "Michael H. Warfield" <mhw () wittsend com>
Date: Thu, 14 Feb 2002 22:57:06 -0500
On Thu, Feb 14, 2002 at 10:26:26AM +0000, Alan Thew wrote:
Anyone seen this before? contains trojaned ls, netstat, ps and others. In addition on port 5654 , Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SSH-1.5-1.2.25
is installed and setup to start at reboots etc...
What does "chkrootkit" have to say about it?
Thanks
-- Alan Thew FAX: +44 151 794 4442 ---------- Forwarded message ---------- # # # # # # # RootKit fr SunOS # # # (C) Adolf Hitler / NSDAP # # # # # English version.. for you scriptkids. # # 988113360
Regards, Mike -- Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- new SunOS 5 rootkit? (fwd) Alan Thew (Feb 14)
- Re: new SunOS 5 rootkit? (fwd) Michael H. Warfield (Feb 15)