Re: /usr/bin/ssh-copy-id & trojan or variant UNIX/Exploit-SSHIDEN

To: Asim Saglam <yoda2@yoda2.xs4all.nl>
Cc: Debian Security <debian-security@lists.debian.org>
Subject: Re: /usr/bin/ssh-copy-id & trojan or variant UNIX/Exploit-SSHIDEN
From: Répási Tibor <repasi.tibor@chello.hu>
Date: Thu, 15 Jan 2004 21:37:04 +0100
Message-id: <[🔎] 4006F9F0.9050408@chello.hu>
In-reply-to: <[🔎] 4006EE28.50208@yoda2.xs4all.nl>
References: <[🔎] 4006EE28.50208@yoda2.xs4all.nl>

Hy,

I have the same file on my woody box.
Don't worry about it:
1.
   f-prot /usr/bin/ssh-copy-id
   Virus scanning report  -  15. January 2004   21:26

   F-PROT 3.12d
   SIGN.DEF created 9. January 2004
   SIGN2.DEF created 9. January 2004
   MACRO.DEF created 12. January 2004

   Search: /usr/bin/ssh-copy-id
   Action: Report only
   Files: Attempt to identify files
   Switches: <none>


   Results of virus scanning:

   Files: 1
   MBRs: 0
   Boot sectors: 0
   Objects scanned: 1

   Time: 0:00

   No viruses or suspicious files/boot sectors were found.

2.
   The script does exactly the thing described in it.

3.
   check md5sum to be sure, that You have the original deb package

   md5sum /usr/bin/ssh-copy-id
   a36ef875ba1c83e0c6d7cbf276e7f0f0  /usr/bin/ssh-copy-id

4.
   may check lastcomm to see when it was used

My conclusion: False alarm! May report it to NetAssoc. or change antivirsoftware.


Regards,
   RT

Reply to:

References:
- /usr/bin/ssh-copy-id & trojan or variant UNIX/Exploit-SSHIDEN
  - From: Asim Saglam <yoda2@yoda2.xs4all.nl>

Prev by Date: Mirroring security.debian.org for internal use
Next by Date: Strange file atttributes
Previous by thread: Re: /usr/bin/ssh-copy-id & trojan or variant UNIX/Exploit-SSHIDEN
Next by thread: Re: /usr/bin/ssh-copy-id & trojan or variant UNIX/Exploit-SSHIDEN
Index(es):
- Date
- Thread