] On Behalf Of Mark A. Garcia
Sent: Tuesday, February 08, 2005 9:57 AM
To: Bret Walker
Cc: freebsd-questions@freebsd.org
Subject: Re: httpd in /tmp - Sound advice sought
Bret Walker wrote:
Last night, I ran chkrootkit and it gave me a warning about being
infected with Slapper. Slapper
as well
Also, I'm tarring /usr and am going to run a diff on it compared to a
clean install.
Bret
-Original Message-
From: Redmond Militante [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 08, 2005 1:45 PM
To: Bret Walker
Subject: Re: httpd in /tmp - Sound advice sought
, 2005 2:21 PM
To: Bret Walker
Subject: Re: httpd in /tmp - Sound advice sought
[Tue, Feb 08, 2005 at 01:43:36PM -0600]
This one time, at band camp, Bret Walker said:
I do read it, but not every day (weekends, especially).
I use logcheck to mail me the messages log every 15 mins
Do
I know a certain hacking group who is trying to run their trojan as httpd. I
discovered that info through some shell account I am running, that has tried
to start this rootkit on our machine.
Here's a short view from the shell's history:
-
wget
, February 09, 2005 8:48 AM
To: Bret Walker; freebsd-questions@freebsd.org
Subject: Re: httpd in /tmp - Sound advice sought
I know a certain hacking group who is trying to run their trojan as httpd.
I discovered that info through some shell account I am running, that has
tried to start this rootkit
.
Thanks,
Bret
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Oliver Leitner
Sent: Wednesday, February 09, 2005 8:48 AM
To: Bret Walker; freebsd-questions@freebsd.org
Subject: Re: httpd in /tmp - Sound advice sought
I know a certain hacking group
Last night, I ran chkrootkit and it gave me a warning about being infected
with Slapper. Slapper exploits vulnerabilities in OpenSSL up to version
0.96d or older on Linux systems. I have only run 0.97d. The file that
set chkrootkit off was httpd which was located in /tmp. /tmp is always
Bret Walker wrote:
Last night, I ran chkrootkit and it gave me a warning about being infected
with Slapper. Slapper exploits vulnerabilities in OpenSSL up to version
0.96d or older on Linux systems. I have only run 0.97d. The file that
set chkrootkit off was httpd which was located in /tmp.