List: incidents
Subject: t0rnkit on solaris machines
From: johnathan curst <john_curst () YAHOO ! COM>
Date: 2000-09-22 22:56:25
Hello again,
Well, after my last post about the Linux variation
of the tornkit, it seems to me that a SunOS version
of t0rn-style trojans is starting to emerge on
SunOS 5.6/5.7, and I have had a few reports
of stachel+yps as well. A few trojans with
"t0rn" in their name have been seen on Sun
machines as well. I will keep you up to date as
soon as I have more information. Again, we believe a
mass exploitation routine was used, like the
statd/wuftpd one (Linux), except this time
it seems like sadmind/statd(?) and of course the
never-ending cmsd.
Also, after reading an article on ZDNet
http://www.zdnet.co.uk/news/2000/37/ns-18064.html
they seemed to mention that the number of servers
hacked was estimated at a few hundred, which is
quite far from the fact. Anyone who does a
sweep for port 511 on the major A class blocks
will notice this number is as high as a few
thousand, and quite a large number of those
have the DDoS tool stachel+yps installed on
them.
If anyone would like to work with me in analysing
t0rnkit or any of the t0rn* files, I would be glad
to work with them.
Regards,
John