Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Plague Proof of Concept Linux backdoor
From: Rik Bobbaers <Rik.Bobbaers () cc kuleuven be>
Date: Mon, 23 Oct 2006 14:15:40 +0200

hijacker () oldum net wrote:
Hello Rik,
and how on earth can you make "root" run that piece of code? Do you have
to specify it in the README section that it is mandatory to run that as
root in order the "new" application root will be installing to run as

very simple, YOU own the box and place the backdoor like that
or you make root execute your code one way or another.

point was: it looks rather ... normal, doesn't immediately catch the eye 
as being a backdoor

aka Rik Bobbaers

K.U.Leuven - LUDIT          -=- Tel: +32 485 52 71 50
Rik.Bobbaers () cc kuleuven be -=- http://harry.ulyssis.org

thinking always leads to conclusions... and those can be extremely dangerous
-- me ;)

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]