RE: Need some help

From: Drew B. [Security Expertise/Freelance Security research]. (d4rkstorm_at_gmail.com)
Date: 05/14/05

    Date: Sun, 15 May 2005 01:29:21 +1000
    To: freebsd-security@freebsd.org
    
    

    Hello,
    I would like to ask for some specialist assistance in dissecting a
    'rootkit' (seems to be mass-mailing specific, crafted somehow from
    another kit perhaps).

    It was found running on 5.x machines belonging (so far, to my
    knowledge) to 2 companies, one of which was an ISP and another a web hosting
    service running BSD.
    I will provide the kit and further details as soon as I am sure the
    thing will be dealt with by someone official.
    Being properly examined so all exploits within it can be marked
    out, whether new and/or old-modified, is important and I cannot
    successfully complete dissection with my current equipment.
    The attacks are still happening, the familiar 'eBay' login page or
    PayPal, however, the bug itself is Linux-platform specific, extremely
    stable, and extremely hard to remove.
    Anyone interested who has the ability, especially an A/V tech/worker
    with a certificate from the company or at least email header, or anyone
    associated that can link this to FreeBSD security officially.
    I can confirm that it is stable and running on v5.x FreeBSD now, and
    have no idea how long it has been around.
    Regards,
    (&&assist)
    --------------------------------------------------------------------
    Drew B.
    Independent Security analysis, for Aussies.
    Security researcher/expert, threat-focus, Freelance.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

