[Cialug] rootkit

admin cialug@cialug.org
Thu, 10 Mar 2005 10:16:23 -0600


Yeah. Just wish I was confident enough that I could back up my websites,
databases, etc. Looks like it's back to day 1.


-----Original Message-----
From: "Daniel Wittenberg" <daniel-wittenberg@starken.com>
To: "CIA LUG" <cialug@cialug.org>
Date: Thu, 10 Mar 2005 10:00:42 -0600
Subject: Re: [Cialug] rootkit

> Looks like you also aren't getting some of the checks done too -
> 
> Definitely looks like a problem to me...
> 
> Dan
> 
> On Thu, 2005-03-10 at 09:47 -0600, admin wrote:
> > consistent 5 times over.
> > 
> > Checking `ifconfig'... INFECTED
> > Checking `ldsopreload'... can't exec ./strings-static, not tested
> > Checking `pstree'... INFECTED
> > Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\)
> > rootkit installed
> > Searching for Showtee... Warning: Possible Showtee Rootkit installed
> > Searching for Romanian rootkit...  /usr/include/file.h /usr/include/proc.h
> > Checking `sniffer'... not tested: can't exec ./ifpromisc
> > Checking `wted'... not tested: can't exec ./chkwtmp
> > Checking `z2'... not tested: can't exec ./chklastlog
> > Checking `chkutmp'... not tested: can't exec ./chkutmp
> > ---------------------
> > admin@c0wzftp.com
> > Administrator - Email Service
> 
> 


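Added example, not part of the original thread and not chkrootkit's own code: a small triage script for output like the one quoted above, which keeps "not tested" checks separate from clean ones so that a scan with missing helper binaries is never read as a pass. The function names and the list of "clean" result strings are assumptions made for this sketch; the sample mixes lines quoted in the thread with two constructed clean lines.

```python
import re

# Constructed sample: the first six lines are taken from the output quoted in
# the thread; the last two are made-up clean results added for contrast.
SAMPLE = """\
Checking `ifconfig'... INFECTED
Checking `ldsopreload'... can't exec ./strings-static, not tested
Checking `pstree'... INFECTED
Searching for Showtee... Warning: Possible Showtee Rootkit installed
Checking `sniffer'... not tested: can't exec ./ifpromisc
Checking `wted'... not tested: can't exec ./chkwtmp
Checking `ls'... not infected
Searching for Ramen Worm files and dirs... nothing found
"""

# "Checking `name'... result" or "Searching for name... result"
LINE = re.compile(r"^(Checking|Searching for) `?(?P<name>.+?)'?\.\.\.\s*(?P<result>.*)$")
CLEAN = {"not infected", "nothing found", "not found"}  # assumed clean wording

def classify(result):
    """Map one result string to a bucket; anything unrecognised needs review."""
    text = result.strip()
    if "not tested" in text.lower():
        return "not_tested"          # the check never ran: a coverage gap
    if text.startswith("INFECTED"):
        return "infected"
    if text.lower() in CLEAN:
        return "clean"
    return "review"                  # warnings, file paths, unknown wording

def triage(output):
    buckets = {"infected": [], "review": [], "not_tested": [], "clean": []}
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:                        # wrapped continuation lines are skipped
            buckets[classify(m.group("result"))].append(m.group("name"))
    return buckets

def verdict(buckets):
    if buckets["infected"] or buckets["review"]:
        return "suspect"
    return "incomplete" if buckets["not_tested"] else "clean"

if __name__ == "__main__":
    b = triage(SAMPLE)
    for name, items in b.items():
        print(f"{name:>10}: {', '.join(items) or '-'}")
    print("verdict:", verdict(b))
```
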