[nylug-talk] linux worms
H. G.
tekronis at gmail.com
Tue Oct 30 00:51:04 EDT 2007
On 10/29/07, Kevin Mark <kevin.mark at verizon.net> wrote:
>
> On Mon, Oct 29, 2007 at 12:23:35PM -0400, Alex Pilosov wrote:
> > Well,
> >
> > So one of my boxes was recently pwned by a worm/trojan/viruses. I want
> to
> > find out if this is something known in the wild or this is something
> new.
> >
> > Symptoms: It injects itself into *many* (most? possibly modifies
> binaries
> > sort of like old DOS viruses?). When straced, these binaries fail, virus
> > has rudimentary protection against tracing, it does (in short)
> > pipe()
> > fork()
> > ptrace(parent)
> What tipped you off to the infection?
>
> Maybe when his shell prompt was changed to "PWNED: $" ?
More information about the nylug-talk
mailing list