[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: a compromised machine

On Tue, Jul 26, 2005 at 04:39:20PM -0400, Edward Faulkner wrote:
> On Tue, Jul 26, 2005 at 10:02:52PM +0200, Nejc Novak wrote:
> > Can you get any information out of this cron file? I tried creating the 
> > same exec that this file creats, but obiously i was doing sth wrong :)
> The crontab writes out a binary file and executes it.  I straced the
> binary on a virtual machine with no network.
> It's attempting to connect to two different hosts:

This is an IRC server. The program seems to be an IRC zombie.

Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216

Reply to: