brute force ssh attack

Daniel Kirsten Daniel.Kirsten at gmx.net
Wed Apr 27 15:14:51 UTC 2005


>Daniel -- did you happen to run any of the commands in the compromised user
>account as root?

Yesterday, I examined the directory ~daikanyama/.undernet and probably I 
executed mech as root. The file mech is indeed infected by Linux/Rst-B.   
This explains everything.......


Does anyone know whether .undernet/mech has another purpose than 
distributing the Linux/Rst-B virus???




-- 
+++ Sparen beginnt mit GMX DSL: http://www.gmx.net/de/go/dsl




More information about the fedora-list mailing list