VeNoMouS wrote:
>
> Ive looked into this a little bit more and it adds 8.7KB of data to any elf
> file it finds on your system
I don't think the exploit itself is trojaned, as others on this thread
have indicated. Rather, the exploit has been infected with some
virus that opens a backdoor, like RST and RST.b.
> it does apare to be some type of virii back door, plz find attached a clean
> and a infected version of grep 2.4.2 (GNU) from a rh 6.2 box it appends its
> data to the end of the elf but have been unsuccsessful reverse engineing it
> so far.
Whoops, I didn't catch that when I read the note the first time.
I don't normally (now) send virus code through to the list.
At least no one needs to ask for samples. :)
Obviously, please take great care with the infected file. If it's
like RST, it will open a backdoor, and call home to tell someone
about it. You will be r00ted.
BB
Received on Mar 05 2002
Intro
