Re: Changing binaries

To: debian <debian-user@lists.debian.org>
Subject: Re: Changing binaries
From: Joey Hess <joey@kitenet.net>
Date: Mon, 31 Jul 2006 19:02:25 -0400
Message-id: <[🔎] 20060731230225.GB12677@kitenet.net>
Mail-followup-to: debian <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20060731220752.46444.qmail@web86103.mail.ird.yahoo.com>
References: <[🔎] 20060731214000.GA13052@steve.org.uk> <[🔎] 20060731220752.46444.qmail@web86103.mail.ird.yahoo.com>

Giles McGarry wrote:
> Steve, I think you've hit the nail on the head, running clamscan (didn't know
> it even existed until a few minutes ago) show the following:
> 
> /bin/bash: Linux.RST.B FOUND
> /bin/mv: Linux.RST.B FOUND
> /bin/grep: Linux.RST.B FOUND
> /bin/mt-gnu: Linux.RST.B FOUND
> /bin/tcsh: Linux.RST.B FOUND

http://www.viruslist.com/en/weblog?calendar=2005-09
http://www.lurhq.com/atd.html

One of those might possibly explain how that virus got on there.

I'd recommend a rebuild; you have a system here whose previous admin
has either been running untrusted (or compromised) binaries as root, or
not keeping the box secure.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Changing binaries
  - From: James Westby <jw+debian@jameswestby.net>

References:
- Re: Changing binaries
  - From: Steve Kemp <skx@debian.org>
- Re: Changing binaries
  - From: Giles McGarry <giles.mcgarry@orb-data.com>

Prev by Date: Re: Antialiasing and mount problem after Sid upgrade
Next by Date: Re: Changing binaries
Previous by thread: Re: Changing binaries
Next by thread: Re: Changing binaries
Index(es):
- Date
- Thread