On 01/22/2013 10:13 AM, Colin Hines wrote:

I came upon a hacked server in the wild that was running some errant Perl 
processes and found this: https://gist.github.com/4596612

I'm not sure it's technically a rootkit, since I don't believe it was able to exploit outside the security context of the tomcat user. I'm curious if this qualifies to be submitted to be included with rkhunter and if so, what's the best mechanism of doing that. It seems to be an IRC bot that will accept commands and do SYN floods.


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Sure looks like an attack bot to me.
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
