Re: New Rootkit?
From: Jeffrey Denton (dentonj c2i2.com)
Date: Thu Oct 16 2003 - 14:19:38 CDT
$ strings server
. . .
200.241.173.21
Must be ran as root.
socket
bind
setsockopt
newserver
stream
ping
pong
fork
Forked into background, pid %d
./at 0 %s 1 65535 1 %d 1>/dev/null 2>/dev/null
server.c
/usr/.xmag/mstream/
. . .
http://staff.washington.edu/dittrich/misc/mstream.analysis.txt
The strings fingerprint is similar. You may want to look at what else
is in the /usr/.xmag directory.
dentonj
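
An added example, not part of the original post: one way to repeat the strings comparison above in Python, checking a file for the distinctive strings quoted in the `strings server` output. The choice of markers, the function names and the sample bytes are assumptions made for this example.

```python
import re
import sys

# Distinctive strings copied from the `strings server` output in the post.
# Generic libc symbols (socket, bind, setsockopt, fork) are omitted because
# they appear in almost any network program.
MARKERS = [
    b"Must be ran as root.",
    b"newserver",
    b"stream",
    b"ping",
    b"pong",
    b"Forked into background, pid %d",
    b"./at 0 %s 1 65535 1 %d 1>/dev/null 2>/dev/null",
    b"server.c",
    b"/usr/.xmag/mstream/",
]

def extract_strings(data, min_len=4):
    """Return printable-ASCII runs of at least min_len bytes, like strings(1)."""
    return re.findall(rb"[\t\x20-\x7e]{%d,}" % min_len, data)

def fingerprint(data):
    """Return (markers found as whole strings, fraction of MARKERS found)."""
    found = set(extract_strings(data))
    hits = [m for m in MARKERS if m in found]
    return hits, len(hits) / len(MARKERS)

def constructed_sample():
    """Constructed bytes for the demo, not a real binary."""
    parts = [b"\x7fELF\x01\x01", b"Must be ran as root.", b"socket", b"ping",
             b"pong", b"Forked into background, pid %d\n", b"/usr/.xmag/mstream/"]
    return b"\x00\x01".join(parts)

def constructed_benign():
    """Constructed bytes holding only generic networking symbols."""
    return b"\x00".join([b"socket", b"bind", b"fork", b"usage: %s host"])

if __name__ == "__main__":
    # Pass a file path to check a real file; otherwise use the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    hits, score = fingerprint(data)
    print("matched %d of %d markers (%.0f%%)" % (len(hits), len(MARKERS), score * 100))
    for h in hits:
        print("  " + h.decode("ascii"))
```

Markers are matched as whole extracted strings rather than substrings, so a short marker such as `ping` does not fire on unrelated longer text.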