Security Incidents
mailing list archives
Re: Machine compromised, rootkit and DDoS tools installed.
From: Chris Keladis <Chris.Keladis () CMC CWO NET AU>
Date: Mon, 25 Sep 2000 01:24:52 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 04:56 PM 9/21/00 -0500, Jeremy L. Gaddis wrote:
> Oh, one last bit, a file named "shitc.tgz" was found on the
> filesystem. I also noticed a message in sendmail's logs
> from root to "shitc () altavista com"
Interesting.
I had the displeasure of dealing with the "shitc" (??) rootkit.
I'm still poking around the various bins, and I don't have a Linux box
handy to test it all on, but at first glance I did not see any TFN daemons
in my copy.
I noticed a lot of "script-kids" are getting hotmail & yahoo accounts for
"reconnaissance".
I wonder what their AUP says about that?
Regards,
Chris
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOc+0lCEx0akmf5vwEQITWgCgvdiHASOgNnvcgazoGqXluRREw4MAoIe/
yIZC6SpkaYlE7d4FIjfM6vgf
=xcwW
-----END PGP SIGNATURE-----