[lug] intrusion

gordongoldin at aim.com gordongoldin at aim.com
Wed Jun 13 12:16:31 MDT 2007


There was a funny UID - easypwn.

Changed the passwd, later saw:

easypwn tried to get in, failed, then another "don't know who it is" userID, mailmn, got on from the same IP.
Then easypwn tried to get in again and logged in successfully.

Looking around, I saw:
?...porn.zip in a temp file



Due to powers that be, I can't just shut this down.



Has anyone seen something like this before?
(Hoping this is something less than a rootkit.)



What's the short list of cleaning procedures/lockdowns while taking this machine out of service?