Date:      Sun, 15 May 2005 01:29:21 +1000
From:      "Drew B. [Security Expertise/Freelance Security research]." <d4rkstorm@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   RE: Need some help
Message-ID:  <245f0df105051408291dd3b641@mail.gmail.com>

Hello,
I would like to ask for some specialist assistance in dissecting a
'rootkit' (seems to be mass-mailing specific, crafted somehow from
another kit perhaps).

It was found running on 5.x machines belonging, (so far) to my
knowledge, to 2 companies, one of which was an ISP and another a webhosting
service running BSD.
I will provide the kit and further details as soon as I am sure the
thing will be dealt with by someone official.
Being properly examined so all exploits within it can be marked
out, whether new and/or old-modified, is important and I cannot
successfully complete dissection with my current equipment.
The attacks are still happening, the familiar 'ebay' login page or
paypal, however, the bug itself is Linux-platform specific, extremely
stable, and extremely hard to remove.
Anyone interested who has the ability, especially an A/V tech/worker
with a certificate from the company or at least email header, or anyone
associated that can link this to FreeBSD security officially.
I can confirm that it is stable and running on v5.x FreeBSD now, and
have no idea how long it has been around.
Regards,
(&&assist)
--------------------------------------------------------------------
Drew B.
Independent Security analysis, for Aussies.
Security researcher/expert, threat-focus, Freelance.


