> > Hey.. > From what I can see you've been rooted by this "group" called hoax. They > probably just had some rootkit laying around. All very simple. But still you > need to take to take action, my guess is that those guys aren't pros. Run > chkrootkit (ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz) for A new version of this is coming out this month I'm told for anybody who cares. - zenoat_private > backdoors/infected binaries. and you really need to check your local > security. I don't know what your situation is like but I would've shut down > most of my services/users and start looking for backdoors/traces and such. > Feel free to send me those tarballs if you want, I could browse em through > quick. > > // Mattias Hedenskog > > > I've just received word that one of our customers was rooted, and he's > > asking about the file ".haos". Nothing rings any bells, has anyone heard > > of it? > > > > --------------------------------------------------------------------------- > >- This list is provided by the SecurityFocus ARIS analyzer service. > > For more information on this free incident handling, management > > and tracking system please see: http://aris.securityfocus.com > > -- > irc:tsixla@efnet,irscnet > mail:tsixlaat_private > http://tsixla.antisec.net > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 16:39:58 PST