
Re: Potential Virus or System Message?



Incoming from Faithful John:
> 
> I got this weird message, when I left my email through Telnet/Pine
> running when I left my house.
> 
> + N  15 Apr 27 Dixie H. Brunson    (2,892) Cialis Soft Tabs - Super Viagra      
> + N  16 Apr 27 Garry Martin        (2,769) Get it up again                      
> + N  17 Apr 27 Candy King          (9,592) Info Package: Altoids Vending        
> + N  18 Apr 28 Ariel N. McFadden   (2,839) Remember the old days?               
> + N  19 Apr 28 EyeQ               (15,740) Increase reading speed& comprehension
> Broadcast Message from root (???) on log3 Sun May  1 06:00:01...
> ? Help       < FldrList   P PrevMsg       - PrevPage D Delete   The
> system will be shut down in 1 minute  N NextMsg     Spc NextPage U
> Undelete   F Forward
> just because
> Broadcast Message from root (???) on log3 Sun May  1 06:00:32...
>                                                                 The
> system will be shut down in 30 seconds
> just because
> Broadcast Message from root (???) on log3 Sun May  1 06:00:52...
>                                                                 THE
> SYSTEM IS BEING SHUT DOWN NOW ! ! !
> Log off now or risk your files being damaged
> just because
> Connection closed by foreign host.
> You have new mail in /var/mail/selam
> selam@thegreatest:~$ 

I'd say someone got in, and they got in far enough to shut down the
machine, which generally means root.  Time to reinstall.  Next time,
go through the "ps fax" list, and anything that shouldn't be running,
disable it.

> Of course, nothing happened... at least I'm pretty sure (I'm a

Your box may be alright, or it may now be a zombie spam host.  Pore
over the logs in /var/log and see if you can find out how they got
in.  Install chkrootkit and see what it says.

However, I'd give up on it.  There's no telling what they left behind
or replaced.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)    http://www.spots.ab.ca/~keeling      Please don't Cc: me.
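
An added example, not part of the original message: one way to do the "pore over the logs" step is to pull every root-related event in the window before the first broadcast (Sun May 1 06:00:01 in the quoted session). The log lines are constructed, and the sshd/su/cron/shutdown message formats, the user name and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in classic syslog format (no year field); not from the original message.
SAMPLE_AUTH_LOG = """\
Apr 30 22:14:09 log3 sshd[2211]: Accepted password for alice from 192.0.2.10 port 40122 ssh2
May  1 05:41:17 log3 sshd[3310]: Failed password for root from 198.51.100.7 port 51234 ssh2
May  1 05:41:29 log3 sshd[3310]: Accepted password for root from 198.51.100.7 port 51234 ssh2
May  1 05:58:40 log3 su[3402]: pam_unix(su:session): session opened for user root by alice(uid=1000)
May  1 06:00:01 log3 CRON[3455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  1 06:00:01 log3 shutdown[3456]: shutting down for system halt
"""

# Each pattern is one way of becoming root (or trying to), or of halting the host.
PATTERNS = {
    "failed_root": re.compile(r"Failed \S+ for root from (\S+)"),
    "root_login": re.compile(r"Accepted \S+ for root from (\S+)"),
    "root_session": re.compile(r"session opened for user root by (\S*)\(uid=(\d+)\)"),
    "shutdown": re.compile(r" shutdown\[\d+\]: "),
}
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")

def root_activity(log_text, shutdown_at, window_minutes=30):
    """Return (time, kind, process, message) for root-related lines in the window before shutdown_at."""
    start = shutdown_at - timedelta(minutes=window_minutes)
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, _host, proc, msg = m.groups()
        # Syslog timestamps carry no year, so borrow it from the shutdown time.
        when = datetime.strptime(f"{shutdown_at.year} {stamp}", "%Y %b %d %H:%M:%S")
        if not (start <= when <= shutdown_at):
            continue
        for kind, pat in PATTERNS.items():
            if pat.search(line):
                hits.append((when, kind, proc, msg))
                break
    return hits

def interactive_root(hits):
    """Root logins and sessions that did not come from the cron daemon."""
    return [h for h in hits if h[1] in ("root_login", "root_session") and h[2].lower() != "cron"]

if __name__ == "__main__":
    # The year is an assumption; the broadcast line gives only "Sun May  1".
    for when, kind, proc, msg in root_activity(SAMPLE_AUTH_LOG, datetime(2005, 5, 1, 6, 0, 1)):
        print(when, kind, proc, msg)
```

Separating cron-opened root sessions from interactive ones shows which entries to trace back to a source address first.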