[SunRescue] Re: [Suns-at-Home] Cracked!
Henry Luciano
rescue at sunhelp.org
Sat May 12 12:16:10 CDT 2001
On Sat, 12 May 2001, Eric Hall wrote:
<snipped and reformatted - please don't wrap at 20 chars, heh>
> Well, it's my own fault, but I've been cracked. I noticed a process
> running on my classic named uniattack.sh - it seems someone was using
> my lowly classic to deface websites.
>
> There was a new directory created on my system - /dev/cuc where the
> cracker installed his utilities.
Sounds like that sadmind/IIS worm:
http://www.cert.org/advisories/CA-2001-11.html
So, yes, you guessed correctly that it was a scripted worm. Attrition.org
says they received around 9000 IPs of systems that have been hit with
this. Heh, check to see if you're in their list:
http://www.attrition.org/security/commentary/worm-list.txt
Another argument for deleting unnecessary services from your boxen.
Nothing like a security hole to ruin your weekend.
HTH,
Henry Luciano
IS Goon