Hi All,

Look what we found in our honeypot this morning:

A new breed of the Linux w0rmkit that uses the adore module to hide itself. The backdoor listens on 12345 and is a 1.2.26 sshd with a preprogrammed password of h4ck3d!

It is a more advanced version of the earlier w0rmkit since it uses the adore kernel based rootkit and chattr to make itself permanent on a system. It exploits the usual Linux vulnerabilities (the same scanner as w0rmkit) to gain access.

Grtz,

Arthur

--
/* Disclaimer : you hire my skills, not my opinions, those are mine ! */
/* email : arthurat_private Security 'Me ? I'm not me ! I'm just a */
/* phone : (+31) 50 549 2701 is not a computer simulation of me' */
/* URL http://www.reseau.nl dirty word Red Dwarf, First Episode */
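A cross-view check for the indicators named in the message above, added here as an example and not part of the original post or of any tool it mentions. It compares the listening ports a suspect host reports about itself with what a trusted machine sees from outside, and flags port 12345 and an sshd 1.2.26 banner. Assumptions: the adore module also hides the listener from local tools, and all sample data (including the banner strings) is constructed.

```python
import re

BACKDOOR_PORT = 12345        # port named in the post
BACKDOOR_VERSION = "1.2.26"  # sshd version named in the post

# Constructed sample: listening sockets as the suspect host itself reports
# them (netstat -ltn style). A kernel rootkit can filter this view.
LOCAL_VIEW = """\
tcp   0   0 0.0.0.0:22     0.0.0.0:*   LISTEN
tcp   0   0 0.0.0.0:80     0.0.0.0:*   LISTEN
"""

# Constructed sample: (port, first banner line) collected by scanning the
# same host from a separate, trusted machine.
EXTERNAL_VIEW = [
    (22, "SSH-1.99-OpenSSH_2.5.2p2"),
    (80, ""),
    (12345, "SSH-1.5-1.2.26"),
]

def local_ports(netstat_text):
    """Return the set of TCP ports the host claims to be listening on."""
    ports = set()
    for line in netstat_text.splitlines():
        m = re.search(r"^\s*tcp\S*\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+LISTEN", line)
        if m:
            ports.add(int(m.group(1)))
    return ports

def findings(netstat_text, external):
    """Flag externally visible ports that are hidden locally or match the post."""
    local = local_ports(netstat_text)
    out = []
    for port, banner in external:
        reasons = []
        if port not in local:
            reasons.append("hidden-from-local-view")
        if port == BACKDOOR_PORT:
            reasons.append("w0rmkit-port")
        # SSH identification string: SSH-<protocol>-<software version>
        m = re.match(r"SSH-[\d.]+-(\S+)", banner)
        if m and m.group(1) == BACKDOOR_VERSION:
            reasons.append("sshd-1.2.26-banner")
        if reasons:
            out.append((port, reasons))
    return out

if __name__ == "__main__":
    for port, reasons in findings(LOCAL_VIEW, EXTERNAL_VIEW):
        print(port, ", ".join(reasons))
```

A port that answers from outside but is missing from the host's own listing is worth investigating on its own, whatever the port number or banner.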
This archive was generated by hypermail 2b30 : Tue May 22 2001 - 08:37:26 PDT