Re: a compromised machine

OK :)

So, for now I killed this process, disabled the cronjob and killed the web server - there is no way the attacker is capable of coming back into the server, or is there a chance that there is another backdoor installed somewhere (chkrootkit doesn't find anything)?


Marcin Owsiany wrote:

On Tue, Jul 26, 2005 at 04:39:20PM -0400, Edward Faulkner wrote:
On Tue, Jul 26, 2005 at 10:02:52PM +0200, Nejc Novak wrote:
Can you get any information out of this cron file? I tried creating the same exec that this file creates, but obviously I was doing sth wrong :)
The crontab writes out a binary file and executes it.  I straced the
binary on a virtual machine with no network.

It's attempting to connect to two different hosts:

This is an IRC server. The program seems to be an IRC zombie.


