[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

How I got hacked last week: Redhat 7

Steve here,

Several have voiced an interest in the hack. Well here is a guess and some facts:

For those interested in the hack, I think it was the "Dameon worm" but could not find any evidence of the trace files on my system. Here is what happened:

1. I get a letter from "hacked@attrition.org" saying: "Urgent! Security incident on your machine! Attrition.org is a non-profit, hobby web site that monitors
computer crime on the internet. In the past few minutes, we
have been notified that your domain was hacked, and your web
page defaced. This means that the intruder has edited your
web page in some way. Due to this, it is quite likely that
one or all of the machines on your network are compromised.
You may wish to take immediate action to correct this problem
and respond to the intrusion."

2, I noticed my clock went forward maybe a day and had to reset it via "date" command.

3. I notice a single page was changed: "index.html"

Here is the code from that page:

<!-- BEGIN Naviscope Javascript -->
<script language='javascript'>
          function NS_NullWindow(){this.window;}
          function NS_NewOpen(url,nam,atr){return(new NS_NullWindow());}
<!-- END Naviscope Javascript -->

<title>..:: Quit Crew ::..</title>
<body bgcolor="#FFFFFF">
<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
        ID=devil WIDTH=731 HEIGHT=562>
        <PARAM NAME=movie VALUE="qc.swf">
        <PARAM NAME=loop VALUE=false>
        <PARAM NAME=quality VALUE=high>
        <PARAM NAME=bgcolor VALUE=#FFFFFF>


end code

4. I have noticed nothing other than these changes.

So there you have it. I didn't even ever get to see what the flash was all about it just loaded forever without anything. You know for all my trouble, I should have at least got some free artwork!


Reply to: