Strange connection

Scot L. Harris webid at cfl.rr.com
Wed Jul 20 01:20:34 UTC 2005


On Tue, 2005-07-19 at 20:57, jdow wrote:
> From: "Tomas Larsson" <ktl at bornet.net>
> 
> > gulie.tgz, this one is clearly a virus, Symantec calls it "Linux.RST.B"
> > 
> > The others are
> > 
> > cycomm.tar.gz
> > roots.tar
> > 
> > Haven't got a clue what it is, but I don't think they are nice.
> > 
> > Now, the big question is, will they affect other boxes on the network as
> > well. I assume that the XP-Boxes should be alright.
> 
> Assume NOTHING. It could be set up now to spread Windows viruses. Make
> sure all the other machines on your network are not infected. Basically
> you're toast, I fear.

While it is not impossible, it is unlikely.  They were most likely
looking to take control to set up a spam bot or jumping-off point to
attempt takeover of other Unix systems.

But it is a good idea to sweep all other systems.  

Note: this is not your typical virus.  An exploit in an application,
most likely phpBB, was used to load code on the system.  This was then
executed to either attempt connection to a control channel or elevate
privileges.  

Either way it requires a bare metal install to make sure it is cleaned
out.


-- 
Scot L. Harris
webid at cfl.rr.com

If I can have honesty, it's easier to overlook mistakes.
		-- Kirk, "Space Seed", stardate 3141.9 
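
A sweep along the lines suggested in the message above, as an added example that is not part of the original post: it looks for the three archive names reported in the thread and for executable files owned by the account the web server runs as. The function names, the account and the directories to search are assumptions to set per host.

```shell
#!/bin/sh
# Added example: sweep directories for the archive names reported in this
# thread. A match is a lead for investigation, not proof, and an empty
# result does not clear a host (file names are trivially changed).
SUSPECT_NAMES="gulie.tgz cycomm.tar.gz roots.tar"

# find_named_archives DIR...
# Prints the path of every regular file whose name is one of SUSPECT_NAMES.
find_named_archives() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $SUSPECT_NAMES; do
            find "$dir" -xdev -type f -name "$name" -print 2>/dev/null
        done
    done
}

# find_user_executables OWNER DIR...
# Prints regular files owned by OWNER that have the owner-execute bit set.
# Assumption: OWNER is the web server account (name or numeric uid), since
# code loaded through a web application is written with that identity.
find_user_executables() {
    owner=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -user "$owner" -perm -100 -print 2>/dev/null
    done
}

# sweep OWNER DIR...
# Prints a listing and SHA-256 for each hit so results can be compared
# across machines. Returns 1 if anything was found, 0 otherwise.
sweep() {
    owner=$1; shift
    hits=$(find_named_archives "$@"; find_user_executables "$owner" "$@")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | sort -u | while IFS= read -r f; do
        ls -ld "$f"
        sha256sum "$f" 2>/dev/null || true
    done
    return 1
}

# Typical call (account and paths are assumptions):
#   sweep apache /tmp /var/tmp /dev/shm /var/www
```

Run it from trusted media or over a read-only mount where possible, since the tools on a compromised system may themselves have been replaced.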



