I came upon a hacked server in the wild that was running some errant perl
processes and found this: https://gist.github.com/4596612
I'm not sure it's technically a rootkit, since I don't believe it was able to
exploit outside the security context of the tomcat user. I'm curious if this
qualifies to be submitted to be included with rkhunter and if so, what's the
best mechanism of doing that. It seems to be an IRC bot that will accept
commands and do syn floods.
________________________________
CONFIDENTIAL NOTICE: This email including any attachments, contains
confidential information belonging to the sender. It may also be
privileged or otherwise protected by work product immunity or other
legal rules. This information is intended only for the use of the
individual or entity named above. If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or the taking of any action in reliance on the contents
of this emailed information is strictly prohibited. If you have
received this email in error, please immediately notify us by
reply email of the error and then delete this email immediately.
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
