[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] are these worm files?
- Subject: Re: [cobalt-users] are these worm files?
- From: "Roger Dunk" <roger@xxxxxxxxx>
- Date: Fri Mar 23 09:37:12 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
You've been hacked. Those files are part of the t0rn rootkit.
Do a search of the archives and you'll find plenty of information about
this. If you have reasonable *nix experience, you may be able to clean
things up. Otherwise, the Restore CD is probably the best option.
Cheers...
Roger
----- Original Message -----
From: "Loryan Strant" <cobalt-users@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Saturday, March 24, 2001 11:41 AM
Subject: [cobalt-users] are these worm files?
> Hi,
>
> I've just run Lionfind on my Cobalt RaQ4, and it says the following are
> suspicious files:
>
> /usr/src/.puta/.1addr /usr/src/.puta/.1file /usr/src/.puta/.1proc
> /usr/src/.puta/.1logz /usr/src/.puta/ /usr/src/.puta/ /usr/info/.t0rn/
>
> I find those a little odd too, so I'm wondering if I can delete this whole
> directory.
> Does anyone have any suggestions?
>
> Thanks,
>
> Loryan
>
>
>
> *******************************************************************
> Loryan Strant
> IT Director
> ExaSites Pty Ltd
> Email://loryan@xxxxxxxxxx
> Web://www.exa.com.au
> Disclaimer:
> Nothing in this correspondence:
> 1. should be interpreted as being legal advice;
> 2. shall be construed as a solicitation of any kind;
> 3. should be interpreted as a signature or mark that can create a legally
> binding commercial relationship;
> 4. should be omitted in any fair use of this correspondence; and
> 5. is necessarily the opinion of ExaSites Pty Ltd
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users