Open Source and information security mailing list archives
 
Message-ID: <freemail.20040103183904.86775@fm9.freemail.hu>
From: etomcat at freemail.hu (Feher Tamas)
Subject: a little help needed with identifying a rootkit

>The SuSE security list is having a little discussion about a
>possible hacked SuSE 8.2 machine. There is a rather big
>chance the system has been injected with a script which
>downloaded stuff from here:
>http://218.234.171.84/manual/.x/

This is what Kaspersky AV with the latest update says:

DO.PL infected: Backdoor.Perl.Doopel
I.TXT   infected: Backdoor.PHP.Pokeman
II.TXT  infected: Backdoor.PHP.Pokeman
R.PL  infected: Backdoor.Perl.Perlooper
RHS    infected: Backdoor.Linux.Krepper
CROND  infected: Trojan.Linux.Rootkit.o
LOGIN   infected: Trojan.Linux.Rootkit.o
PSTREE infected: Trojan.Linux.Rootkit.o

Regards: Tamas Feher.


