[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] What do do if a raq4 is infected ?
- Subject: [cobalt-security] What do do if a raq4 is infected ?
- From: "Bob Lenaerts" <bob@xxxxxxxxxx>
- Date: Fri, 20 Jun 2003 09:22:59 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi all,
I have this as output
What can I do about that ?
Can I for ex. delete Ifconfig , and reinstall ifconfig from a pkg ?
bob
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... INFECTED
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not found
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... INFECTED
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... INFECTED
Checking `rpcinfo'... not infected
Checking `rlogind'... not infected
Checking `rshd'... not infected
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found Searching for
t0rn's default files and dirs... nothing found Searching for t0rn's v8
defaults... Possible t0rn v8 (or variation) rootkit installed Searching
for Lion Worm default files and dirs... nothing found Searching for
RSHA's default files and dir... nothing found Searching for RH-Sharpe's
default files... nothing found Searching for Ambient's rootkit (ark)
default files and dirs... nothing found Searching for suspicious files
and dirs, it may take a while...
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/MIME/Base64/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Quota/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/XML/Parser/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/DBI/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Msql-Mysql-modules/.packl
ist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Net/SSLeay/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/IO-stringy/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Mail/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/MIME-tools/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Jcode/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/File/Temp/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Convert/TNE!
F/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Convert/UUlib/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Archive/Zip/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Unix/Syslog/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Pod/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Pod/Parser/.packlist
/usr/lib/perl5/5.00503/i386-linux/.packlist
/usr/lib/perl5/5.00503/i386-linux/auto/File/Spec/.packlist
Searching for LPD Worm files and dirs... nothing found Searching for
Ramen Worm files and dirs... nothing found Searching for Maniac files
and dirs... nothing found Searching for RK17 files and dirs... nothing
found Searching for Ducoci rootkit... nothing found Searching for Adore
Worm... nothing found Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found Searching for Sadmind/IIS
Worm... nothing found Searching for MonKit... nothing found Searching
for Showtee... Warning: Possible Showtee Rootkit installed Searching for
OpticKit... nothing found Searching for T.R.K... nothing found Searching
for Mithra... nothing found Searching for OBSD rk v1... nothing found
Searching for LOC rootkit ... nothing found Searching for Romanian
rootkit ... /usr/include/file.h /usr/include/proc.h Searching for
anomalies in shell history files... nothing found Checking `asp'... not
infected Checking `bindshell'... not infected
Checking `lkm'... You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'...
eth0 is not promisc
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'...
nothing deleted