Re: debian wheezy i386 nginx iframe rootkit

2013-09-12 Thread Joel Rees
On Thu, Sep 12, 2013 at 9:39 AM, E Frank Ball III fra...@efball.com wrote: On Thu, Sep 12, 2013 at 09:13:46AM +0900, Joel Rees wrote: On Thu, Sep 12, 2013 at 7:48 AM, E Frank Ball III fra...@efball.com wrote: Last fall there was a debian 64-bit / nginx rootkit going around, now I've

Re: debian wheezy i386 nginx iframe rootkit

2013-09-12 Thread Luis Mondesi
On Sep 11, 2013, at 18:48, E Frank Ball III fra...@efball.com wrote: Last fall there was a debian 64-bit / nginx rootkit going around, now I've been hit with what sounds similar but on 32-bit wheezy. Here's a link to info on the previous 64-bit rootkit:

Re: debian wheezy i386 nginx iframe rootkit

2013-09-12 Thread E Frank Ball III
On Thu, Sep 12, 2013 at 07:15:57PM +0900, Joel Rees wrote: The lynx web browser shows this as the first line of the webpages: Local on the machine in question or external? external. IFRAME: http://122.226.137.123:/yixi.exe It also appears in downloads using wget. view

Re: debian wheezy i386 nginx iframe rootkit

2013-09-12 Thread Matthew Babcock
I am glad someone asked if the browser is running on the server; I had that thought too. The problem could be something in between the actual client and the server. Additionally, this could be done without using any malicious software, like a rootkit. Legitimate software could be configured to

Re: debian wheezy i386 nginx iframe rootkit

2013-09-11 Thread Joel Rees
On Thu, Sep 12, 2013 at 7:48 AM, E Frank Ball III fra...@efball.com wrote: Last fall there was a debian 64-bit / nginx rootkit going around, now I've been hit with what sounds similar but on 32-bit wheezy. Here's a link to info on the previous 64-bit rootkit:

Re: debian wheezy i386 nginx iframe rootkit

2013-09-11 Thread E Frank Ball III
On Thu, Sep 12, 2013 at 09:13:46AM +0900, Joel Rees wrote: On Thu, Sep 12, 2013 at 7:48 AM, E Frank Ball III fra...@efball.com wrote: Last fall there was a debian 64-bit / nginx rootkit going around, now I've been hit with what sounds similar but on 32-bit wheezy. All files served by

Re: debian wheezy i386 nginx iframe rootkit

2013-09-11 Thread Rick Moen
Quoting E Frank Ball III (fra...@efball.com): Last fall there was a debian 64-bit / nginx rootkit going around, now I've been hit with what sounds similar but on 32-bit wheezy. I hope you're aware that -- at least in the standard usage of the word 'rootkit' -- a rootkit doesn't 'go around',