[SunRescue] Cracked!
Mike Meredith
rescue at sunhelp.org
Thu May 17 12:24:46 CDT 2001
Hi
On Saturday 12 May 2001 14:30, you wrote:
> There was a new directory
> created on my system -
> /dev/cuc where the cracker
I think that's the finger print of the L1ion worm; there should be a
paper on it lurking on www.securityfocus.com. From memory, I think it
breaks in via a named vulnerability, installs some backdoors (the
number of backdoors, and the ports they run on vary between the 3
versions), and then starts attacking IIS servers. You may have a log
file available of the successfuly compromised IIS servers lurking
around.
It may also be the sadmind/IIS worm.
More information about the rescue
mailing list