Re: msamba

From: Tobias Klein (tobias.kleinat_private)
Date: Fri Apr 25 2003 - 03:06:02 PDT

Next message: Kevin Patz: "Scans on TCP port 9631 + other unknown ports"

Previous message: Mark Embrich: "New attack or old Vulnerability Scanner?"
In reply to: noconflic: "Re: msamba"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

this files are infected with the linuxOSF8759 trojan
ive tried to clean the file with the tools last posted "vaccine.c"
but the files are still infected the right tool for cleaning the files is:
http://packetstormsecurity.nl/trojans/clean-osf.8759.tgz

- newroot

At 10:14 22.04.2003 -0500, noconflic wrote:
> >
> > 8. I haven't contacted anyone because I don't have any hard evidence of
> > where the intrusion came from. The cahcepu.net appears to be run by the
> > guy who tried to get in anyway so I didn't feel it was too worthwhile.
> >
> > Once again, thanks for everyone's comments!
> >
> > Cheers, Steve
> >
>
>   Probably get flamed for sending these but, Like others, I like to keep 
> track of what is
>being used in the wild. Who ever is resposible, it looks like they have 
>been pretty busy.
>
>    http://www.cahcepu.net/dhegleng/root-logs.txt
>
>   At the bottom it looks like there are other "Auto rooters" there.
>     http://www.cahcepu.net/dhegleng/mass-slamet.tar.gz
>     http://www.cahcepu.net/dhegleng/massplo.tar.gz
>     http://www.cahcepu.net/dhegleng/local.tar.gz
>
>  Hope this helps.
>- nocon
>
>
>----------------------------------------------------------------------------
>Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
>world's premier event for IT and network security experts.  The two-day
>Training features 6 hand-on courses on May 12-13 taught by professionals.
>The two-day Briefings on May 14-15 features 24 top speakers with no vendor
>sales pitches.  Deadline for the best rates is April 25.  Register today to
>ensure your place. http://www.securityfocus.com/BlackHat-incidents
>----------------------------------------------------------------------------


----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------

Next message: Kevin Patz: "Scans on TCP port 9631 + other unknown ports"
Previous message: Mark Embrich: "New attack or old Vulnerability Scanner?"
In reply to: noconflic: "Re: msamba"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 25 2003 - 11:44:37 PDT