To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Careful with this one.

./freebsd: Linux.RST.B-1 FOUND
./linux: Linux.RST.B-1 FOUND

RST.B is a rather nasty executable infector which has the ability to
open a backdoor on a compromised system.

Anirudh, I'd recommend checking for executables writable by the
compromised account on your friend's box.  If RST was able to write to
any of them, you can be sure it's spread.

ClamAV will be able to help with identifying infected files.

I'll give a few Undernet opers I know a heads up on these bots.  Thank
you.


On Wed, Feb 27, 2008 at 03:55:32PM -0500, Anirudh Ramachandran babbled thus:
> Hi,
> 
> I found an IRC bot on a friend's Linux computer that got in by
> exploiting a weak password. A tar of the IRC client (called "linux"),
> some input text files, and the logs from the botnet IRC channel
> (*.seen), as well as the attacker's .bash_history, is attached. The
> seen files have a list of other bots, and the IRC client still seems
> to be able to log on to the channel (#unixware on Undernet as far as I
> can tell, requires a key that I wasn't able to find out probably
> because I didn't use the right tools). Hope someone can make use of
> this information.
> 
> File available here: http://davis.gtnoise.net/~avr/tmp/aws.tar.gz
> 
> anirudh

-- 
PinkFreud
Chief of Security, Nightstar IRC network
irc.nightstar.net | www.nightstar.net
Server Administrator - Blargh.CA.US.Nightstar.Net
Unsolicited advertisements sent to this address are NOT welcome.
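
One way to carry out the check recommended in the reply above, as an added example that is not part of the original thread: list the executables an account can modify through owner, group or world write bits, then hand only those to ClamAV. The function names and the account name in the usage comment are hypothetical; GNU find is assumed.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU find and id;
# ClamAV (clamscan) is only needed for scan_candidates.

# Print regular files under DIR that carry an execute bit and that ACCOUNT
# could modify via owner, group or world write permission. ACLs and
# "owner bits take precedence" are ignored, so the list can only be a
# little too long, which is the safe direction for triage.
writable_executables() {
    local account dir gid
    account=$1
    dir=$2
    set --
    # One "-o ( -gid G -perm -g+w )" clause per group the account is in.
    for gid in $(id -G "$account" 2>/dev/null); do
        set -- "$@" -o '(' -gid "$gid" -perm -g+w ')'
    done
    find "$dir" -xdev -type f -perm /111 \
        '(' '(' -user "$account" -perm -u+w ')' "$@" -o -perm -o+w ')' \
        -print 2>/dev/null | LC_ALL=C sort
}

# Scan only those candidates and print the files ClamAV flags.
scan_candidates() {
    local account dir list rc
    account=$1
    dir=$2
    command -v clamscan >/dev/null || { echo "clamscan not found" >&2; return 2; }
    list=$(mktemp) || return 2
    writable_executables "$account" "$dir" > "$list"
    rc=0
    # Skip the scan entirely when nothing is writable.
    if [ -s "$list" ]; then
        clamscan --infected --no-summary --file-list="$list" || rc=$?
    fi
    rm -f "$list"
    return "$rc"
}

# Usage (account name is a placeholder):
#   scan_candidates compromised_user /
```

An empty result from `writable_executables` means the account had nothing executable it could write to under that directory on that filesystem; `-xdev` keeps the walk from crossing mount points, so run it once per mounted filesystem.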


_______________________________________________
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets