[Cialug] rootkit

Daniel Wittenberg cialug@cialug.org
Thu, 10 Mar 2005 10:00:42 -0600


Looks like you also aren't getting some of the checks done too -

Definitely looks like a problem to me...

Dan

On Thu, 2005-03-10 at 09:47 -0600, admin wrote:
> consistent 5 times over.
> 
> Checking `ifconfig'... INFECTED
> Checking `ldsopreload'... can't exec ./strings-static, not tested
> Checking `pstree'... INFECTED
> Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\)
> rootkit installed
> Searching for Showtee... Warning: Possible Showtee Rootkit installed
> Searching for Romanian rootkit...  /usr/include/file.h /usr/include/proc.h
> Checking `sniffer'... not tested: can't exec ./ifpromisc
> Checking `wted'... not tested: can't exec ./chkwtmp
> Checking `z2'... not tested: can't exec ./chklastlog
> Checking `chkutmp'... not tested: can't exec ./chkutmp
> ---------------------
> admin@c0wzftp.com
> Administrator - Email Service