Re: Strange segmentation faults and Zombies

To: debian-security@lists.debian.org
Subject: Re: Strange segmentation faults and Zombies
From: Michel Messerschmidt <lists@michel-messerschmidt.de>
Date: Thu, 18 Sep 2003 19:02:06 +0200
Message-id: <[🔎] 20030918170207.8570.qmail@mail.artfiles.de>
In-reply-to: <[🔎] 200309181649.17422.diego@conysis.com>
References: <[🔎] 3F68C446.7070606@tgm.ac.at> <[🔎] 200309181649.17422.diego@conysis.com>

Diego Brouard schreibt:

As you've seen you have been cracked by a "worm", it's called
RST.b.In few words, it infect exectable files in /bin and in the current directoryfrom where you are executing an already infected binary. You were infected
because of a php bug and the ptrace bug.


Might be a side effect of the tools that were used.

A quick scan with f-prot shows several infected files on the serverwww.slacks.hpg.ig.com.br:

www.slacks.hpg.ig.com.br/bin/telnetd  Infection: Unix/RST.B
www.slacks.hpg.ig.com.br/bin/sslscan  Infection: Unix/RST.B
www.slacks.hpg.ig.com.br/bin/rh  Infection: Unix/Osf.A
www.slacks.hpg.ig.com.br/bin/mass  Infection: Unix/Osf.A
www.slacks.hpg.ig.com.br/bin/co1  Infection: Unix/Osf.A

www.slacks.hpg.ig.com.br/psyBNC.tar.gz->?->psybnc/makesalt Infection:Unix/Osf.Awww.slacks.hpg.ig.com.br/psyBNC.tar.gz->?->psybnc/psybnc Infection:Unix/Osf.ABut AFAIK none of these viruses is able to get root rights, so the attackermust have got root rights before.

Reply to:

Follow-Ups:
- Re: Strange segmentation faults and Zombies
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- Strange segmentation faults and Zombies
  - From: Markus Schabel <markus.schabel@tgm.ac.at>
- Re: Strange segmentation faults and Zombies
  - From: Diego Brouard <diego@conysis.com>

Prev by Date: Re: Strange segmentation faults and Zombies
Next by Date: Re: Strange segmentation faults and Zombies
Previous by thread: Re: Strange segmentation faults and Zombies
Next by thread: Re: Strange segmentation faults and Zombies
Index(es):
- Date
- Thread