TLUG Mailing List

Mailing List Archive

tlug.jp Mailing List tlug archive tlug Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tlug] possible trojan..not sure...help please

Date: Wed, 16 Apr 2003 01:02:09 +0900

From: Gavin <gavin-39@example.com>

Subject: [tlug] possible trojan..not sure...help please

Organization: GES

User-agent: KMail/1.5
I need some help fast! ran chkrootkit on my MDK server last night and I found 
that port 1008 is INFECTED (binshell). I have no idea what benshell is.                
Next running nmap I got this message
Port     State       Service
1008    open        ufsd

found more info and it seems that this is the starting point for the lion worm 
(china.com) I did a trojan and stealth scan  via sygate and grc and nothing 
showed up! did some research found this

 http://info.ccone.at/INFO/Mail-Archives/redhat/Jan-2002/msg02703.html

its almost the same but the files are different, my files show that amd is 
running on this port. ok to make a long story short what should I do!! this 
is my FIRST time seeing this.. panic level is HIGH! 
-- 
Gavin
c/o GES
Fukushimaken, Fukushima City
Nankodai 2-34-1
Zip:960
Japan
Register Linux user # 199685
Follow-Ups:

Re: [tlug] possible trojan..not sure...help please
From: Thomas Kruemmer

Prev by Date: [tlug] gcc-3.2.2 on freebsd-3.3 build error

Next by Date: Re: [tlug] Eating bugs...

Previous by thread: [tlug] gcc-3.2.2 on freebsd-3.3 build error

Next by thread: Re: [tlug] possible trojan..not sure...help please

Index(es):

Date

Thread

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links