[svlug] worms -n stuff
marc_news at valinux.com
Sun Jun 3 21:00:01 PDT 2001
On Sun, Jun 03, 2001 at 04:38:08PM -0700, Alvin Oga wrote:
> hi ya
> since it's sorta quiet... thought i'd rattle the cage ... :-)
> - found a hacker in one of my boxes ... sorta harmless ....
Was he writing code on your machine?
> - moral of the issue...
> - even if you run ssh ... it don't really matter ...
> - even if you run insecure ftp/pop3 .. it don't really matter
It does. Unencrypted connections are of course to be avoided completely, but
crypted authentication doesn't mean that you're safe (especially if the
other end is compromised and runs a trojanned ssh)
> - they gonna go after something they can get into
> and then poke around to do more stuff
> - i think the damage was minimized by having a small / partition
> - they created a 20Mb killall file... whatever it does...
That's a pretty big binary :-)
> - note that looking for the worm-dependent files will only check
> for that particular one worm...
> - you should run tripwire to find all new/added/changed files
I know a place where they ran touch against the whole filesystem.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key
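
An added example, not part of the original post: a minimal content-hash baseline in the spirit of the tripwire suggestion above, showing that new and changed files are still reported after every timestamp has been flattened with a touch-style reset. The file names and contents are constructed; a real deployment keeps the baseline on read-only or off-host media.

```python
import hashlib
import os
import tempfile
import time

def snapshot(root):
    """Map relative path -> SHA-256 of contents for each regular file under root."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            hashes[os.path.relpath(full, root)] = digest.hexdigest()
    return hashes

def compare(baseline, current):
    """Report files added, removed or changed since the baseline was taken."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed scenario: one file replaced, one dropped in, then all mtimes reset."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "ls", b"original ls")
        write(root, "ps", b"original ps")
        baseline = snapshot(root)            # taken while the box is known good
        write(root, "ps", b"replaced ps")    # modified binary
        write(root, "killall", b"x" * 1024)  # unexpected new file
        now = time.time()
        for name in os.listdir(root):        # equivalent of touch on every file
            os.utime(os.path.join(root, name), (now, now))
        mtimes = {os.stat(os.path.join(root, n)).st_mtime for n in os.listdir(root)}
        return compare(baseline, snapshot(root)), len(mtimes)

if __name__ == "__main__":
    report, distinct_mtimes = demo()
    print(report, "distinct mtimes:", distinct_mtimes)
```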