
Re: [cobalt-security] Compromised Box



> It is a RAQ 4i; the file was ./sushi.
> It is attached. I believe that I have been rooted somehow and this file is
> the key. Can anyone help me figure out what the hell this thing is and what
> it has been doing to my system?

This is what you've been hit with, if I had to take a guess:

[--ARK version 1.0 - Ambient's Rootkit for Linux--]

Scrounge around your /tmp for '...' directories and the such. I'm sure it's
there somewhere. ;)

Also, if you haven't already, go to http://www.chkrootkit.org and get the
latest version and scan away.

Sorry to hear you got nailed, man. =/

> PS If needed i can attach the file

Nah, I think we have a pretty good idea what it is. ;)


Peace,
-j
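
A scripted form of the /tmp check suggested in the reply above, as an added example that is not part of the original post. The function name find_dot_dirs and the directories you pass to it are assumptions; it reports directories whose names consist only of dots and spaces, such as '...'.

```sh
#!/bin/sh
# Added example (not from the original thread).
# find_dot_dirs ROOT...
#   Prints every directory under each ROOT whose name is made up only of
#   dots and spaces ("...", ".. ", " ."). Names like ".cache" are skipped.
#   Limitation: paths containing newlines are not handled.
find_dot_dirs() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        # -xdev: stay on one filesystem; -mindepth 1: skip ROOT itself.
        # The -name glob is only a cheap prefilter (starts with dot or space).
        find "$root" -xdev -mindepth 1 -type d -name '[. ]*' 2>/dev/null |
        while IFS= read -r path; do
            name=${path##*/}
            # Remove every dot and space; nothing left means a match.
            rest=$(printf '%s' "$name" | tr -d '. ')
            if [ -z "$rest" ]; then
                printf '%s\n' "$path"
            fi
        done
    done
}

# Stand-alone use: sh find_dot_dirs.sh /tmp /var/tmp
if [ "$#" -gt 0 ]; then
    find_dot_dirs "$@"
fi
```

Inspect each hit with `ls -la` before touching it, and preserve a copy of the contents if the box is going to be examined further.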