Security Incidents mailing list archives
Linux virus out in the wild?
From: mixter () NEWYORKOFFICE COM (Martin Ixter)
Date: Thu Feb 3 16:47:53 2000
I have recently observed that on my Linux machine, some strange files have been appearing in the /tmp directory.. they were copies of other binaries on the system, renamed to /tmp/tmp or /tmp/tempX, where X is a incrementing number. I first figured that this was something a NFS server created, but I traced it back to a couple of locally compiled, formerly trusted binaries.. the strange stuff is that these binaries are not supposed to create these files, and I haven't seen any library call that creates tmp files in this way. When I re-compiled them from fresh source, the new binaries weren't creating temp files. My conclusion is that I've somehow been infected by a Linux virus which seems to be spreading in the wild. As far as I can remember, I always reviewed sources before I compiled them, and I am running no remotely accessible services at all on that machine, or letting any users on it, so it seems possible that a pre-compiled binary from a trusted software site was infected. If anyone finds these /tmp/temp files, or has an explanation, please let me know... I'm posting the supposedly infected binaries with some details on the suspicious actions they perform at http://mixtersecurity.tripod.com/virii.tgz Mixter _____________________________________________ Free email with cool domains at FriendlyEmail http://www.mypad.com/
Current thread:
- Linux virus out in the wild? Martin Ixter (Feb 03)
