brute force ssh attack
Matthew Miller
mattdm at mattdm.org
Wed Apr 27 21:12:21 UTC 2005
On Wed, Apr 27, 2005 at 05:14:51PM +0200, Daniel Kirsten wrote:
> Yesterday, I examined the directory ~daikanyama/.undernet and probably I
> executed mech as root. The file mech is indeed infected by Linux/Rst-B.
> This explains everything.......
> Does anyone know whether .undernet/mech has another purpose than
> distributing the Linux/Rst-B virus???
It looks like an IRC bot. I imagine the script kiddies who broke into your
machine weren't even aware that the files are infected. (Or maybe, they were
hoping you'd find them and execute them and make the virus spread to root,
giving them a backdoor. But I bet that's giving too much credit.)
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 80 degrees Fahrenheit.
More information about the fedora-list
mailing list