VeNoMouS wrote: > > Ive looked into this a little bit more and it adds 8.7KB of data to any elf > file it finds on your system I don't think the exploit itself is trojaned, as others on this thread have indicated. Rather, the exploit has been infected with some virus that opens a backdoor, like RST and RST.b. > it does apare to be some type of virii back door, plz find attached a clean > and a infected version of grep 2.4.2 (GNU) from a rh 6.2 box it appends its > data to the end of the elf but have been unsuccsessful reverse engineing it > so far. Whoops, I didn't catch that when I read the note the first time. I don't normally (now) send virus code through to the list. At least no one needs to ask for samples. :) Obviously, please take great care with the infected file. If it's like RST, it will open a backdoor, and call home to tell someone about it. You will be r00ted. BB
This archive was generated by hypermail 2b30 : Tue Mar 05 2002 - 15:49:52 PST