[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Hacked - Ambient's Rootkit for Linux ?
- Subject: [cobalt-users] Hacked - Ambient's Rootkit for Linux ?
- From: cobalt@xxxxxxxxxxxxx
- Date: Fri Nov 8 13:41:02 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi all,
I believe I have been hacked (well I'm sure, but I still have hope)
chkrootkit returns:
Checking `du'... INFECTED
Checking `killall'... INFECTED
Checking `ls'... INFECTED
Checking `netstat'... INFECTED
Checking `ps'... INFECTED
Checking `pstree'... INFECTED
Checking `syslogd'... INFECTED
Checking `top'... INFECTED
With the following time stamps and sizes
-rwxrwxr-x 1 root root 43336 Nov 8 15:40 login
-rwxrwxr-x 1 root root 184023 Nov 8 15:40 ls
-rwxrwxr-x 1 root root 258612 Nov 8 15:40 netstat
-rwxrwxr-x 1 root root 47388 Nov 8 15:40 ps
-rwxrwxr-x 1 root root 28696 Nov 8 15:40 syslogd
-rwxrwxr-x 1 root root 117311 Nov 8 15:40 du
-rwxrwxr-x 1 root root 22459 Nov 8 15:40 killall
-rwxrwxr-x 1 root root 24147 Nov 8 15:40 pstree
-rwxrwxr-x 1 root root 68692 Nov 8 15:40 top
-rwxrwxr-x 1 root root 655916 Nov 8 15:40 sshd
The only patch I'm missing (I believe) is RaQ4-mod_ssl-2.8.4.pkg.
ANY Help and advice would be appreciated
Regards
Andy