RE: SSH compiled with backdoor

From: Chain, David (NA ITRC Team Lead) (david.chain_at_hp.com)
Date: 09/02/05

Next message: Joshua Hamor: "Re: Cisco vulnerability scanning increase"

Previous message: morriswurm_at_yahoo.com: "Cisco vulnerability scanning increase"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 2 Sep 2005 13:33:39 -0700
To: <james@securityfocus.com>, <incidents@securityfocus.com>

VI is much better than PICO.. But chances are, if he is looking to do
something harmful, it will be embedded deeper then in the java
libraries.

David.

-----Original Message-----
From: james@securityfocus.com [mailto:james@securityfocus.com]
Sent: Friday, September 02, 2005 1:05 AM
To: incidents@securityfocus.com
Subject: Re: SSH compiled with backdoor

it's quite interesting. Although i can't find any reason for these
commands.

mkdir /lib/java
cp /usr/sbin/sshd a
mv a /lib/java

It might be that he wants to come back and do something with it.
Anyone?

(btw, why not delete pico from your system and intall vi(m)... he might
get pissed and leave. )

cheers.

Next message: Joshua Hamor: "Re: Cisco vulnerability scanning increase"

Previous message: morriswurm_at_yahoo.com: "Cisco vulnerability scanning increase"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]