Re: [cobalt-users] Raq550: SMTP shutting down [SCANNED]
- Subject: Re: [cobalt-users] Raq550: SMTP shutting down [SCANNED]
- From: Dmitry Alexeyev <dmi_a@xxxxxxxxxx>
- Date: Thu Mar 18 10:45:01 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> The Linux/Rst-B virus left a backdoor for the hacker.
Is this backdoor on port 3049/UDP? (run netstat -nau and see if there's
something on port 3049)
If yes, it was discussed here 3 days ago - the ELF_GMON.A virus, which got
onto the box with the S*ckIt rootkit...
> Like I said, there is a lot in the /home/tmp that shouldn't be there.
> Can/Should I delete it right away or leave it for someone with the
> skills to analyse the damage?
> I tried to ftp those files to a local pc and that's when I got the
> virus found message.
There's a way to detect ELF_GMON.A:

    strings OSF /<path>/*

The only possible cure is to put the original files back... ClamAV and DrWeb
didn't even detect it.
Well, I could be wrong, and it is just a backdoor itself, not a virus that
left a backdoor.
WBR,
Dmitry
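
The netstat check suggested in the message above, as an added example that is not part of the original post: a plain grep for 3049 would also match port 13049 or a remote peer's port, so this filters on the local-address column only. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report UDP sockets whose *local* port matches,
# reading `netstat -nau` output on stdin.
# On a live host: netstat -nau | udp_local_port 3049

udp_local_port() {
    # $1 = port number to look for (3049 in the thread above)
    awk -v port="$1" '
        $1 ~ /^udp/ {
            # Column 4 is the local address: 0.0.0.0:3049, :::3049, ...
            # Compare only the text after the last colon so IPv6 forms
            # work and 13049 or a foreign port (column 5) is ignored.
            n = split($4, parts, ":")
            if (parts[n] == port) { print; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample output (not taken from the affected server).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 0.0.0.0:13049           0.0.0.0:*
udp        0      0 192.0.2.10:32768        198.51.100.7:3049       ESTABLISHED
udp        0      0 0.0.0.0:3049            0.0.0.0:*
udp6       0      0 :::3049                 :::*
EOF
}

if sample_netstat | udp_local_port 3049; then
    echo "UDP socket bound to port 3049 found (lines above)"
else
    echo "no UDP socket bound to port 3049"
fi
```

A rootkit can hide sockets from userland tools such as netstat, so an empty result on a host that is already suspected of compromise is not conclusive.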