-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
one or our servers had previosly been compromized by a rootkit that rkhunter did not detect (well to be entirely honest, I am not 100% sure that the kit actually tries to compromize "root", so maybe "rootkit" is too much for a name :-) It says "Enjoy FloodBot based on OverKill" and installed a y2kupdate cronjob on the server, but besides causing occasional heavy network traffic not much occured. Now that we removed it, I have a couple of files laying around here and am willing to contribute if someone is interested in dissecting. Udo - -- Udo Rader | CEO BestSolution.at EDV Systemhaus GmbH | company Eduard-Bodem-Gasse 5 | address A-6020 Innsbruck | city +43 512 935834 | phone http://www.bestsolution.at | web -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJMEkvsAAoJEJA9QoEqa9WBfvoH/jlTC0qK5aFrX/edONPn8LFq qkKk9A4orczdBtobROvOg4qFPoDpcZ/9hjf4ZbNAsKAY1gRfguW4sXr2ZLmc9gf6 yoVSZonF4RNkBKdtHo39FSZBqXsyGSpmgyptxCM7NPnGkg46VZnIfSFlX9kN6xrb sqc4j1JlU6YhJH62LXbvFm97Nt8RbDeAMG22oXXuA9ccLevL2aAMsaaI9+k+x3GT ER5LkE0xMvfDPj/ZFwkoKX9tOMMFUtV01wQm+8w9hrwleiCjmcDbxgMjMqdLVg0g zKv+/7K5Wbsri6H6lCUB6R73vfG767GlszeCiVKuPoj+AFZFEvOdUnkJcD/TZ9g= =t2op -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
