Re: a compromised machine
On Tue, Jul 26, 2005 at 04:39:20PM -0400, Edward Faulkner wrote:
> On Tue, Jul 26, 2005 at 10:02:52PM +0200, Nejc Novak wrote:
> > Can you get any information out of this cron file? I tried creating the
> > same exec that this file creats, but obiously i was doing sth wrong :)
> The crontab writes out a binary file and executes it. I straced the
> binary on a virtual machine with no network.
> It's attempting to connect to two different hosts:
This is an IRC server. The program seems to be an IRC zombie.
Marcin Owsiany <firstname.lastname@example.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216