On 11.06.2010 18:13, unsp...@hushmail.com wrote:
> Hello Udo,
>
> On Fri, 11 Jun 2010 16:45:00 +0200 Udo Rader
> <udo.ra...@bestsolution.at> wrote:
>> one of our servers had previously been compromised by a rootkit that
>> rkhunter did not detect (..) It says "Enjoy FloodBot based on
>> OverKill" (..)
>
> Please see my post-mortem here:
> http://ubuntuforums.org/showthread.php?t=1403787.
>
>> Now that we removed it, I have a couple of files laying around here and
>> am willing to contribute if someone is interested in dissecting.
>
> If contents and behaviour differ from what's posted in the 3-page
> thread above please let me know, preferably by opening a ticket in
> RKH's bug tracker at Sourceforge:
> http://sourceforge.net/tracker/?atid=794187&group_id=155034&func=browse,
> TIA.

Hi unSpawn,

ok, I see you already have met the kit in question ;-)

From what I see, there is not much difference between the two
infections, except maybe that I only see 23 files (instead of the 25)
and maybe that the kit was installed in /tmp/lib. In there it was
further hidden inside a ".,." directory, giving /tmp/lib/.,.

Maybe just something to be added to "suspicious directories".

Regards

Udo

-- 
Udo Rader                           | CEO
BestSolution.at EDV Systemhaus GmbH | company
Eduard-Bodem-Gasse 5                | address
A-6020 Innsbruck                    | city
+43 512 935834                      | phone
http://www.bestsolution.at          | web

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
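
The ".,." directory under /tmp/lib reported in the message above can be searched for generically. The script below is an added example, not part of the original thread and not rkhunter code; the function names and the rule "name consists only of dots, commas and whitespace" are assumptions chosen to cover ".,." and similar disguised names.

```shell
#!/bin/sh
# Added example (not rkhunter code): list directories whose names are
# built only from dots, commas and whitespace, such as the ".,."
# directory described in the message above. Such names are easy to
# mistake for the normal "." and ".." entries in an `ls -a` listing.

# is_disguised_name NAME
# Exit status 0 if NAME is non-empty, is not "." or "..", and contains
# nothing but dots, commas, spaces and tabs.
is_disguised_name() {
    case "$1" in
        ''|.|..) return 1 ;;
    esac
    # Delete every "allowed" character; anything left means a normal name.
    rest=$(printf '%s' "$1" | tr -d '., \t')
    [ -z "$rest" ]
}

# scan_disguised_dirs ROOT...
# Print the path of every matching directory below each ROOT.
# -xdev keeps find on the file system of each ROOT.
# Paths containing newlines are not handled (they are split by read).
scan_disguised_dirs() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -xdev -type d 2>/dev/null |
        while IFS= read -r path; do
            name=${path##*/}
            if is_disguised_name "$name"; then
                printf '%s\n' "$path"
            fi
        done
    done
}

# Stand-alone use: sh scan.sh /tmp /var/tmp /dev/shm
if [ "$#" -gt 0 ]; then
    scan_disguised_dirs "$@"
fi
```

A hit is only a lead for manual inspection of the directory's contents, owner and timestamps.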