Date: Mon, 23 Apr 2001 18:11:40 -0400
From: "Michael Scheidell" <scheidell@fdma.com>
To: <freebsd-security@freebsd.org>
Subject: Re: Connection attempts (& active ids)
Message-ID: <002c01c0cc42$65b4cef0$0503a8c0@fdma.com>
References: <20010423231908.N574-100000@axis.tdd.lt>

FYI, it is this activity, documented on several security lists, that we are seeing. It is compromised systems we see trying to find 'children'.

I would like to inform the owners of these systems that their computers have been hacked into and let them take note (sure beats the daily posts 'I found this in my logs, was I hacked?'). I would rather be proactive than reactive.

Now, since I can't wave a magic wand and do an rm -rf / & on every linux/redhat 6.2 system out there, best I can do is to keep them from spreading germs.

---- from recent mcafee email:

4. Virus News - Linux/Adore Worm

RISK ASSESSMENT: LOW

Discovered on 4/5/01, The Linux/Adore package, containing "Elf" binary files as well as script files, targets to scan the internet to look for vulnerable Linux systems to exploit. (Bind, rpc.statd, wu-ftp, lpd) When an exploitable system has been found, it replaces the process file called "ps". The original file gets moved to the /usr/bin/adore directory, while the other files from the Linux/Adore package are put into /usr/lib/lib. If successful, the worm tries to send an e-mail to 4 e-mail addresses. The e-mail contains system info from the vulnerable systems.

Learn more at http://hq.mcafeeasap.com/dispVirus.asp?virus_k=99064
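
Added example, not part of the original message or of any project's code: one way to pick out of firewall logs the sources whose denied connection attempts touch several of the services the quoted advisory names (Bind, rpc.statd, wu-ftp, lpd). The ipfw-style log shape, the sample lines, the threshold of two services and the names WORM_SERVICES and probing_sources are assumptions made for illustration; the port numbers are the services' well-known ports.

```python
import re
from collections import defaultdict

# Services named in the quoted advisory, keyed by well-known port.
# rpc.statd has no fixed port; it is located through the portmapper on 111.
WORM_SERVICES = {21: "wu-ftp", 53: "bind", 111: "rpc.statd", 515: "lpd"}

# Assumed log shape (ipfw-style):
#   "... ipfw: 500 Deny TCP SRC:SPORT DST:DPORT in via IF"
LOG_RE = re.compile(
    r"ipfw: \d+ (?:Deny|Reject) (?:TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) in\b"
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
Apr 23 18:01:02 gw /kernel: ipfw: 500 Deny TCP 203.0.113.7:1044 192.0.2.10:21 in via ed0
Apr 23 18:01:02 gw /kernel: ipfw: 500 Deny TCP 203.0.113.7:1045 192.0.2.10:515 in via ed0
Apr 23 18:01:03 gw /kernel: ipfw: 500 Deny UDP 203.0.113.7:1046 192.0.2.10:111 in via ed0
Apr 23 18:01:03 gw /kernel: ipfw: 500 Deny TCP 203.0.113.7:1047 192.0.2.11:53 in via ed0
Apr 23 18:05:40 gw /kernel: ipfw: 500 Deny TCP 198.51.100.3:2301 192.0.2.10:21 in via ed0
Apr 23 18:09:12 gw /kernel: ipfw: 500 Deny TCP 198.51.100.9:4000 192.0.2.10:80 in via ed0
Apr 23 18:09:13 gw /kernel: ipfw: 600 Allow TCP 198.51.100.9:4001 192.0.2.10:25 in via ed0
"""


def probing_sources(lines, min_services=2):
    """Return {source_ip: sorted service names} for sources whose denied
    inbound packets touched at least `min_services` of the listed services."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a denied inbound packet in the assumed format
        service = WORM_SERVICES.get(int(m.group("dport")))
        if service:
            seen[m.group("src")].add(service)
    return {src: sorted(svcs) for src, svcs in seen.items()
            if len(svcs) >= min_services}


if __name__ == "__main__":
    for src, svcs in probing_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: probed {', '.join(svcs)}")
```

A source that appears in the result is a candidate for the owner notification the message describes; a single hit on one service stays below the threshold and is not reported.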