hi ya i found this today in one of my machines... sorta harmless that it installed itself and used up all of the root partition with a 20Mb killall file... i've since cleaned up the directories etc... just was curious why i couldnt find any references on any of the "unique" keywords ( maniac-Rk, grabb, ipz.gz ... c ya alvin http://www.Linux-Sec.net -- it changed netstat, ls, top, ifconfig with its versions -- it added /usr/bin/geqn, /usr/sbin/mailrc, /usr/lib/.ark? cd /dev/..\?. ------------- ls -laR .: total 128 drwxr-xr-x 3 root root 1024 Jun 1 04:49 ./ drwxr-xr-x 7 root root 27648 Jun 1 18:03 ../ drwxr-xr-x 2 root root 1024 Jun 1 04:48 maniac-Rk/ -rwxr-xr-x 1 root root 98924 Jun 1 04:40 tar* maniac-Rk: total 236 drwxr-xr-x 2 root root 1024 Jun 1 04:48 ./ drwxr-xr-x 3 root root 1024 Jun 1 04:49 ../ -rwxr-xr-x 1 root root 5043 Mar 23 07:18 addlen* -rw-r--r-- 1 root root 5744 May 31 10:10 adore.o -rwxr-xr-x 1 root root 14248 May 31 10:10 ava* -rwxr-xr-x 1 root root 20445 Apr 2 12:24 bnc.gz* -rwxr-xr-x 1 root root 1080 Mar 23 07:48 clear_logs* -rwxr-xr-x 1 root root 7985 Mar 23 07:38 fix* -rwxr-xr-x 1 root root 10171 May 4 12:39 grabbb.gz* -rwxr-xr-x 1 root root 5220 Jun 1 18:53 install.sh* -rwxr-xr-x 1 root root 4734 May 8 10:04 ipz.gz* -rwxr-xr-x 1 root root 10496 Mar 23 07:48 pine.out* -rwxr-xr-x 1 root root 15335 May 31 09:58 ping* -rwxr-xr-x 1 root root 9070 May 4 11:55 slice* -rw-r--r-- 1 root root 19700 Jun 1 18:03 snifflog ---s--s--x 1 root root 11869 Apr 4 19:10 sush* -rwxr-xr-x 1 root root 14319 May 31 10:05 tty* -rwxr-xr-x 1 root root 12405 May 31 09:38 vanish2.gz* -rwxr-xr-x 1 root root 58068 May 19 06:58 wget.gz* # # end oflist...
This archive was generated by hypermail 2b30 : Sat Jun 02 2001 - 07:05:54 PDT