Re: cracked? "rm uses obsolete (PF_INET,SOCK_PACKET)"

To: debian-security@lists.debian.org
Subject: Re: cracked? "rm uses obsolete (PF_INET,SOCK_PACKET)"
From: Rick Moen <rick@linuxmafia.com>
Date: Sun, 15 Jun 2003 13:55:27 -0700
Message-id: <[🔎] 20030615205527.GM3541@linuxmafia.com>
In-reply-to: <[🔎] 200306151943.17896.fuska@phreaker.net>
References: <[🔎] 20030614061656.M73167@lalila.net> <[🔎] 200306151943.17896.fuska@phreaker.net>

Quoting Fuska (fuska@phreaker.net):

> No, that isn't normal. It seems that you have been infected whith the rstb
> virus. It infects all executable files under /bin/ directory and under the
> directory from which the infected file has been launched. Seach for
> rstb_cleaner, whith this tool you can clean the infected files.

Ah, a local ELF-header infector.  How quaint!  Haven't seen those in a
dog's age.

> Most of 7350* fake 0days are infected with some kind of virus. Maybe
> a user uploaded and executed an infected exploit.

Executed with root-user authority, if the process modified /bin/*, yes?

-- 
Cheers,              First they came for the verbs, and I said nothing, for
Rick Moen            verbing weirds language.  Then, they arrival for the nouns
rick@linuxmafia.com  and I speech nothing, for I no verbs. - Peter Ellis

Reply to:

References:
- cracked? "rm uses obsolete (PF_INET,SOCK_PACKET)"
  - From: "eyem" <eyem@lalila.net>
- Re: cracked? "rm uses obsolete (PF_INET,SOCK_PACKET)"
  - From: Fuska <fuska@phreaker.net>

Prev by Date: Re: cracked? "rm uses obsolete (PF_INET,SOCK_PACKET)"
Next by Date: Re: cracked? "rm uses obsolete (PF_INET,SOCK_PACKET)"
Previous by thread: Re: cracked? "rm uses obsolete (PF_INET,SOCK_PACKET)"
Next by thread: Re: cracked? "rm uses obsolete (PF_INET,SOCK_PACKET)"
Index(es):
- Date
- Thread