[Dshield] OpenSSH exploit in use

Nike niklas.laxstrom at phnet.fi
Fri Sep 26 15:55:17 GMT 2003


In private school I go, we had two Linux boxes compromised last week,
first gentoo: all files except system were removed, passwd removed and
shadow edited and root folder deleted. Then few days later another guy
with debian got hit, all his files from home directory were removed and
info file added: Content was something like: HaxorZ / Have fun. Also his
passwd and shadow files were edited/deleted.

Common factors we come up were
 1. Both were using putty from class computers. The guy with debian was
logged as root before all his files were removed.
 2. Both computers did run irc client which was connected to qnet &
ircnet
 3. Both was off computer for longer time when files were deleted.

Has anybody else had same experiences or know if there is some kind of
exploit tool going around?

// Nikerabbit // This is the end of all hope
<Telerium>  Hän oli apinamies, hän ei antanut periksim sillä apinamiehen
työ on apinoida joka yö. 






More information about the list mailing list