Amiga.org
Topic started by: Hammer on September 22, 2003, 01:04:17 PM
-
Quoting Symantec.
"Discovered on: September 19, 2003
Last Updated on: September 19, 2003 07:45:07 PM
...
Trojan.Linux.Zab is ostensibly a tool for exploiting a buffer management vulnerability in OpenSSH. However, it is actually a Trojan Horse that compromises the security of the computer on which it is run."
Required Link (http://securityresponse.symantec.com/avcenter/venc/data/trojan.linux.zab.html)
Technical Details
The Trojan sends data to TCP port 22 (the port that the SSH daemon uses) of the computer specified on the command line. This data is not malicious and has no discernible effect on that computer.
The Trojan adds an entry for a new user with a User ID of 0 ("root") in the password file, /etc/passwd, and adds a password for that user in the shadow password file, /etc/shadow. Then, it creates a file, /tmp/.tmp, which contains the following lines of text:
/etc/passwd
/etc/shadow
known_hosts, for which it searches in the directories /root/.ssh* and in /home and all its subdirectories.
The Trojan emails this file to two addresses, and then deletes it.
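The two host-side indicators in the write-up quoted above (an extra UID 0 entry in /etc/passwd and the /tmp/.tmp staging file) can be checked with a short script. This is an added example, not part of the original post or of Symantec's write-up; the function names and the sample passwd file, including the account name "sysadm", are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage for the two host indicators described above.
# Function names and the sample data are constructed for illustration.

# Print every account in a passwd-format file that has UID 0 but is not "root".
extra_uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Report whether the staging file the Trojan creates (default /tmp/.tmp) exists.
# The Trojan deletes it after mailing it, so absence does not clear the host.
staging_file_present() {
    [ -e "${1:-/tmp/.tmp}" ]
}

# Run both checks; print each finding and return the number of findings.
triage() {
    passwd_file=$1 staging=$2 findings=0
    for user in $(extra_uid0_accounts "$passwd_file"); do
        echo "FINDING: extra UID 0 account '$user' in $passwd_file"
        findings=$((findings + 1))
    done
    if staging_file_present "$staging"; then
        echo "FINDING: staging file $staging exists"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a passwd file with one planted UID 0 account ("sysadm").
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysadm:x:0:0::/root:/bin/bash
EOF
: > "$sample_dir/.tmp"    # stands in for /tmp/.tmp

triage "$sample_dir/passwd" "$sample_dir/.tmp" || echo "findings: $?"
```

On a real host the call would be `triage /etc/passwd /tmp/.tmp`; any extra UID 0 account it reports should be compared against the matching /etc/shadow entry before removal.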
-
All trojan and virus and adware makers should die! :-D
HaX0R:destroy: