On Thu, Feb 14, 2002 at 10:26:26AM +0000, Alan Thew wrote: > Anyone seen this before? contains trojaned ls, netstat, ps and others. > In addition on port 5654 , Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > SSH-1.5-1.2.25 > is installed and setup to start at reboots etc... What does "chkrootkit" have to say about it? > Thanks > -- > Alan Thew > FAX: +44 151 794 4442 > > ---------- Forwarded message ---------- > # > # > # # > # # # RootKit fr SunOS > # # # (C) Adolf Hitler / NSDAP > # # # > # # English version.. for you scriptkids. > # > # > > 988113360 Regards, Mike -- Michael H. Warfield | (770) 985-6132 | mhwat_private /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Feb 15 2002 - 08:34:00 PST