Security Incidents mailing list archives

Linux virus out in the wild?


From: mixter () NEWYORKOFFICE COM (Martin Ixter)
Date: Thu Feb 3 16:47:53 2000


I have recently observed that on my Linux machine, some strange
files have been appearing in the /tmp directory.. they were copies
of other binaries on the system, renamed to /tmp/tmp or /tmp/tempX,
where X is a incrementing number. I first figured that this was something
a NFS server created, but I traced it back to a couple of locally
compiled, formerly trusted binaries.. the strange stuff is that these
binaries are not supposed to create these files, and I haven't seen any
library call that creates tmp files in this way. When I re-compiled them
from fresh source, the new binaries weren't creating temp files.
My conclusion is that I've somehow been infected by a Linux virus which
seems to be spreading in the wild.
As far as I can remember, I always reviewed sources before I compiled them,
and I am running no remotely accessible services at all on that machine, or
letting any users on it, so it seems possible that a pre-compiled binary from
a trusted software site was infected. If anyone finds these /tmp/temp files,
or has an explanation, please let me know... I'm posting the supposedly
infected binaries with some details on the suspicious actions they perform at
http://mixtersecurity.tripod.com/virii.tgz

Mixter

_____________________________________________
Free email with cool domains at FriendlyEmail
http://www.mypad.com/


Current thread: