Date: Sun, 15 May 2005 01:29:21 +1000
From: "Drew B. [Security Expertise/Freelance Security research]." <d4rkstorm@gmail.com>
To: freebsd-security@freebsd.org
Subject: RE: Need some help
Message-ID: <245f0df105051408291dd3b641@mail.gmail.com>

Hello,

I would like to ask for some specialist assistance in dissecting a 'rootkit' (seems to be mass-mailing specific, crafted somehow from another kit perhaps). It was found running on 5.x machines belonging (so far), to my knowledge, to 2 companies, one of which was an ISP and another a web hosting service running BSD.

I will provide the kit and further details as soon as I am sure the thing will be dealt with by someone official. Being properly examined so all exploits within it can be marked out, whether new and/or old-modified, is important, and I cannot successfully complete dissection with my current equipment.

The attacks are still happening, the familiar 'eBay' login page or PayPal, however, the bug itself is Linux-platform specific, extremely stable, and extremely hard to remove.

Anyone interested who has the ability, especially an A/V tech/worker with a certificate from the company or at least email header, or anyone associated that can link this to FreeBSD security officially.

I can confirm that it is stable and running on v5.x FreeBSD now, and have no idea how long it has been around.

Regards, (&&assist)

--------------------------------------------------------------------
Drew B.
Independent Security analysis, for Aussies.
Security researcher/expert, threat-focus, Freelance.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?245f0df105051408291dd3b641>