Re: [cobalt-security] Comprimised Box
- Subject: Re: [cobalt-security] Comprimised Box
- From: "John E. Martin" <jem@xxxxxxxxxxxxxxxxx>
- Date: Thu, 20 Mar 2003 17:46:39 -0800
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> It is a RAQ 4i; the file was ./sushi
> It is attached. I believe that I have been rooted somehow and this file is
> the key. Can anyone help me figure out what the hell this thing is and what
> it has been doing to my system?
This is what you've been hit with, if I had to take a guess:
[--ARK version 1.0 - Ambient's Rootkit for Linux--]
Scrounge around your /tmp for '...' directories and the such. I'm sure it's
there somewhere. ;)
Also, if you haven't already, go to http://www.chkrootkit.org and get the
latest version and scan away.
Sorry to hear you got nailed, man. =/
> PS: If needed I can attach the file
Nah, I think we have a pretty good idea what it is. ;)
Peace,
-j
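
The /tmp check suggested in the reply above, as an added example that is not part of the original message or of chkrootkit: it lists directories whose names are built to be overlooked, such as '...' or '.. ', and shows the executable files inside them. The function names and the exact name patterns are assumptions chosen for illustration, and they go beyond the single '...' case mentioned.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not a chkrootkit feature).
# usage: report_odd_dirs /tmp

# Print directories under $1 (default /tmp) whose names hide in a casual `ls`:
#   '...'   and anything starting with three dots
#   '.. '   '. '  (dot or dot-dot followed by a space)
#   names that begin or end with a space
# Ordinary dot-directories such as .font-unix are not reported.
find_odd_dirs() {
    root=${1:-/tmp}
    # -xdev keeps the walk on one filesystem (no descent into /proc, NFS, ...)
    find "$root" -xdev -type d \( \
        -name '...*' -o -name '.. *' -o -name '. *' \
        -o -name ' *' -o -name '* ' \
    \) -print 2>/dev/null
}

# For each hit, show numeric owner and mtime of the directory, then every
# regular file inside it that has the owner-execute bit set.
# Names containing newlines are not handled by this line-based loop.
report_odd_dirs() {
    find_odd_dirs "$1" | while IFS= read -r d; do
        ls -ldn -- "$d"
        find "$d" -xdev -type f -perm -100 -exec ls -ln -- {} + 2>/dev/null
    done
}
```

On a host that may already carry a rootkit, the installed find and ls may have been replaced, so run this with known-good binaries or against the disk mounted from rescue media.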