lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Oct 2006 12:16:20 -0500 (CDT) From: "Heiko Zuerker" <heiko@...rker.org> To: full-disclosure@...ts.grok.org.uk Subject: Re: Devil Linux 1.2.10 has an IRC bot onboard -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Victor, Victor Grishchenko <gritzko <at> plotinka.ru> writes: > While building and testing a customized version of DevilLinux router > distro I found an IRC bot onboard. As far as I understood, it was > EnergyMech compiled from source right there plus some executable named > "TODO" (for camouflage purposes). The stuff unfolds at /shm/sshd/ and > runs somehow. Sadly, I had no time for detailed investigation. It leaves > an overall impression of script kiddie's work. > Last days DevilLinux website seems to be dead. I am the project leader of Devil-Linux. First of all our website is up and was not down at any time. I don't know how this bot got on your system, but what you're writing does not make any sense. 1. There's no bot included in the DL sources 2. I can never have been compiled on a running DL system, because there are no compilers included. 3. It can only have been introduced (compiled from source as you say) if the machine you compiled DL on, was compromised. 4. The location you specify (/shm) is a ramdisk. So it must be copied onto the system after it boots up. This can only be the case if you have the system wide open and somebody can log in easily. 5. I verified the official 1.2.10 release and there's no bot to be seen. So it seems the problem does not like with Devil-Linux, but rather with your own system. Please stop spreading accusations like this, especially without properly analyzing the issue first. Regards Heiko Zuerker http://www.devil-linux.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iEYEARECAAYFAkU3suQACgkQUcytMSbs+YX8RgCgkxOwclrtMFfp95/cPet0qvef J1wAnAyRX9HXEspUD16YsMBkdFfA5bwE =dRcY -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists