> Hi, see http://www.securityfocus.com/archive/75/249597 I'd like to add that we had a similar incident and there was also an eggdrop directory (which does not appear in the original rootkit) and the eggdrop process was masked as well. We stumbled into it by chance because an user ran an eggdrop and did not see his process anymore ^_^ Raistlin S0ftPj - Digital Security for Y2K -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS/E/IT/TW d++(-) s++:-- a-- C++++ UL++++ US+ P(---) L+++ E---- W+++ N++ o? K w--- !O M-- V-- PS++ PE- Y++ PGP++ t+++ !5 X+@ R+++ tv-- b+++ DI++++ D++ G+ e++(*) h! r+>++ y+ ------END GEEK CODE BLOCK------ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Feb 23 2002 - 04:34:38 PST