On Tue, Jan 04, 2000 at 03:08:49PM -0800, Peter J Dinauer wrote: > The hunt is on . . . . > Received: from SpoolDir by ROADRUNNER (Mercury 1.44); 4 Jan 00 13:10:19 pst8pdt > If you have a lot of experience with software that is still a bit > green, you could really make a contribution to the community by > running and testing the scanning program. > > If you are less experienced you might want to delay a day or two. > But don't delay long, the tool may have a short life span, as the > attackers will begin to modify the trojan code to evade detection. > > Where to find the software: > > The host-based tool from NIPC may be found at: > http://www.fbi.gov/nipc/trinoo.htm > I suppose this is legit. However, they are asking us to run AS ROOT, some unknown executable on all our important systems. Goes against the most basic security procedures! No source provided, no way to ensure that this isn't just another trojan... (even the fbi.gov site could be hacked, and anyway how do they know what is in the executable?) James
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:41 PDT