On Fri, May 19, 2000 at 08:26:16AM -0500, Jim Roland wrote:
> Since I never ran this as root, it never created anything on my system.
> The guy did try to send the mail and get me to run it as root again...did
> he honestly think I would read it a 2nd time as root if I wouldn't read his
> message as root the first time?!

        Did you get a full copy of the message and capture the source
it was trying to download?  Please bounce a copy this way or send it
to "[EMAIL PROTECTED]" which is my address at Internet Security Systems, Inc,
please.  I've also been in touch with Harold Phipps of the FBI who is
in charge of their Cybercrimes South Eastern office.  He's forwarded
some of this material up to their national people.

        I'm going to try and snatch a copy of the other code myself.
Please bounce a copy of the message my way.

        Mike

> -=>Jim Roland

> "Never settle with words what you can settle with a flamethrower."
>         --Anonymous


> On Fri, 19 May 2000 [EMAIL PROTECTED] wrote:
> 
> > Date: Fri, 19 May 2000 04:55:56 EDT
> > From: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: URGENT!!!!!!!  Pine hacking attack:  DOS attack, log file 
> > 
> > You might be pleased to know (only I doubt it) that tofan.onza.net was
> > still willing to deliver that nasty little script with its imbedded io
> > program when www4mail got around to fetching it for me.  That was Friday
> > May 19 06:12:31 -0000, so if I wanted to, I could rehost it and spread
> > the word.  I won't: even if I was inclined to, I am too tightfisted to
> > rehost it.  Did you notice that it has messed with
> > ~/.ssh/authorized_keys as well as ~/.rhosts?  If you use ssh, you might
> > like to clear and regenerate your keys.  I think that might be a
> > feint.  Well, maybe not.  I have ssh2, and the names are different.
> > It _might_ have inserted its own password for ssh for your account.

> > Lawson
> > ---cut here

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
