Hi, I read a news item about a malware called Linux/Cdorked.A : http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
They give a tool to know if our system is infected or not. Well, I have two questions:
* Is this malware relevant on FreeBSD/*BSD systems?
* The tool doesn't work out-of-the-box, what do you think of:
--- dump_cdorked_config.c 2013-05-03 09:48:59.000000000 +0000 +++ dump_cdorked_config-freebsd.c 2013-05-03 12:03:45.851681457 +0000 @@ -6,12 +6,13 @@ // would like to help, please send the httpd_cdorked_config.bin // and your httpd executable to our lab for analysis. Thanks! // -// Build with gcc -o dump_cdorked_config dump_cdorked_config.c +// Build with gcc -D_KERNEL -o dump_cdorked_config dump_cdorked_config.c // // Marc-Etienne M.Léveillé <levei...@eset.com> // #include <stdio.h> +#include <sys/types.h> #include <sys/shm.h> #define CDORKED_SHM_SIZE (6118512)
I never developed any piece of code for FreeBSD, so what I'm not sure of is the use of -D_KERNEL on the build command line. Since the shm_info struct is available only with this define, and u_long and the other types used by sys/shm.h are in sys/types.h, I found it's a good way to do it. I would also like to know why these structs (shm_info) are available only when using _KERNEL?
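Review bot: the new "Build with gcc -D_KERNEL" comment turns a kernel-private define into the documented build procedure for a userland tool; declarations that <sys/shm.h> only exposes under _KERNEL are not part of the stable userland API, so their layout may differ between FreeBSD releases and the resulting binary silently depends on the exact headers it was compiled against. If the tool needs shm_info only to enumerate segments, consider taking the segment ids from `ipcs -m` and inspecting each one with the standard shmctl(IPC_STAT) instead, or at least add a comment next to the build line explaining why the define is required on FreeBSD. Adding `#include <sys/types.h>` ahead of `#include <sys/shm.h>` is the right fix for the missing u_long and related types.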
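As an added example (not ESET's tool and not code from the thread), here is the userland-only alternative the question hints at: it inspects shared memory segments with the standard shmctl(IPC_STAT) call, which needs no _KERNEL define on FreeBSD or Linux, and flags any segment whose size equals the CDORKED_SHM_SIZE constant from the dump tool. It assumes the segment ids are passed on the command line, e.g. copied from `ipcs -m`.

```c
/* Added example: check SysV shared memory segments for the Cdorked config
 * size using only POSIX shmctl(IPC_STAT), so no kernel-private headers
 * (and no -D_KERNEL) are required. Not the ESET dump tool. */
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

#define CDORKED_SHM_SIZE (6118512)   /* value from dump_cdorked_config.c */

/* Return 1 if segment shmid has exactly the Cdorked config size,
 * 0 if it has another size, -1 if the segment cannot be inspected
 * (no such id, or insufficient permission). Fills *out when non-NULL. */
int shm_segment_matches_cdorked(int shmid, struct shmid_ds *out)
{
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) == -1)
        return -1;
    if (out != NULL)
        *out = ds;
    return (size_t)ds.shm_segsz == (size_t)CDORKED_SHM_SIZE;
}

/* Usage: ./shmcheck <shmid>...   (ids as listed by `ipcs -m`).
 * Exit status 1 if any segment matches, so it can be used from cron. */
int main(int argc, char **argv)
{
    int suspicious = 0;
    for (int i = 1; i < argc; i++) {
        int id = atoi(argv[i]);
        struct shmid_ds ds;
        int r = shm_segment_matches_cdorked(id, &ds);
        if (r == -1) {
            fprintf(stderr, "shmid %d: %s\n", id, strerror(errno));
            continue;
        }
        /* creator pid and last attaching pid help find the httpd process */
        printf("shmid %d: size %lu creator pid %ld last pid %ld%s\n", id,
               (unsigned long)ds.shm_segsz, (long)ds.shm_cpid,
               (long)ds.shm_lpid,
               r ? "  <-- matches Cdorked config size" : "");
        suspicious += r;
    }
    return suspicious ? 1 : 0;
}
```

A match on size alone is a trigger for closer inspection (dumping the segment, checking the httpd binary), not proof of infection.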