[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] are these worm files?
- Subject: Re: [cobalt-security] are these worm files?
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Sun, 25 Mar 2001 23:40:39 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sat, 24 Mar 2001, Loryan Strant wrote:
> Hi,
>
> I've just run Lionfind on my Cobalt RaQ4, and it says the following are
> suspicious files:
>
> /usr/src/.puta/.1addr /usr/src/.puta/.1file /usr/src/.puta/.1proc
> /usr/src/.puta/.1logz /usr/src/.puta/ /usr/src/.puta/ /usr/info/.t0rn/
>
> I find those a little odd too, so I'm wondering if I can delete this whole
> directory.
> Does anyone have any suggestions?
>
T0rn rootkit. That box is owned. Either spend a loooot of time
reinstalling binaries and cleaning up files, or reinstall the box.
Either way, if you just sit on it you are asking for trouble.