Author Topic: Linux Security Threat  (Read 1205 times)

Hammer (Topic starter)

Linux Security Threat
« on: September 22, 2003, 01:04:17 PM »
Quoting Symantec.

"Discovered on: September 19, 2003  
Last Updated on: September 19, 2003 07:45:07 PM
...
Trojan.Linux.Zab is ostensibly a tool for exploiting a buffer management vulnerability in OpenSSH. However, it is actually a Trojan Horse that compromises the security of the computer on which it is run."

Required Link

Quote
Technical Details

The Trojan sends data to TCP port 22 (the port that the SSH daemon uses) of the computer specified on the command line. This data is not malicious and has no discernible effect on that computer.

The Trojan adds an entry for a new user with a User ID of 0 ("root") in the password file, /etc/passwd, and adds a password for that user in the shadow password file, /etc/shadow. Then, it creates a file, /tmp/.tmp, which contains the following lines of text:

/etc/passwd
/etc/shadow
known_hosts, for which it searches in the directories /root/.ssh* and in /home and all its subdirectories.

The Trojan emails this file to two addresses, and then deletes it.
Amiga 1200 PiStorm32-Emu68-RPI 4B 4GB.
Ryzen 9 7900X, DDR5-6000 64 GB, RTX 4080 16 GB PC.
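
A defensive check for the indicator described in the quoted advisory (an extra UID 0 entry in /etc/passwd with a password set in /etc/shadow), added here as an example that is not part of the original post or of Symantec's write-up. The sample file contents and the account name `sysadm` are constructed; the advisory text above does not name the account.

```python
"""Flag UID 0 accounts other than root in passwd/shadow content."""

# Constructed sample data; "sysadm" is a made-up name, not from the advisory.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysadm:x:0:0::/tmp:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$constructed$hash:12300:0:99999:7:::
daemon:*:12300:0:99999:7:::
alice:!:12300:0:99999:7:::
sysadm:$1$constructed$hash:12315:0:99999:7:::
"""


def parse_colon_file(text, min_fields):
    """Split passwd-style text into field lists, skipping short or blank lines."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [r for r in rows if len(r) >= min_fields and r[0]]


def password_state(field):
    """Classify a password field: no password, locked, or a hash is set."""
    if field == "":
        return "empty"
    return "locked" if field[0] in "!*" else "set"


def extra_uid0_accounts(passwd_text, shadow_text, expected=("root",)):
    """Return (name, password_state) for every unexpected account with UID 0."""
    shadow = {r[0]: r[1] for r in parse_colon_file(shadow_text, 2)}
    findings = []
    for name, pw, uid, *_ in parse_colon_file(passwd_text, 7):
        if not uid.isdigit() or int(uid) != 0 or name in expected:
            continue
        # "x" means the hash lives in the shadow file; a missing shadow
        # entry is treated as locked ("*") in this example.
        field = shadow.get(name, "*") if pw == "x" else pw
        findings.append((name, password_state(field)))
    return findings


if __name__ == "__main__":
    for name, state in extra_uid0_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"unexpected UID 0 account: {name} (password {state})")
```

To audit a live host, pass the contents of /etc/passwd and /etc/shadow instead of the samples; reading the shadow file requires root.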
 

kd7ota

Re: Linux Security Threat
« Reply #1 on: September 22, 2003, 01:22:56 PM »
All trojan and virus and adware makers should die! :-D

HaX0R:destroy:
-=-=-=-=-=-
Mine!  :-D