[plug] Fw: I am so sorry!Your hosts was hacked!

Linux squirrel at emerge.net.au
Fri Apr 6 23:11:57 WST 2001


Hi all, I have just received this most polite email and have verified its
correctness.
I have also followed the instructions.
I thought that I had the latest version of bind, 8.2.2-P3;
well, when I went to the RedHat site a couple of weeks back that is what they
offered.
The hacker mentions a "backdoor".
Will this "backdoor" be closed by upgrading to version 9 of Bind,
or do I need to do something else?

----- Original Message -----
From: <huckit at china.com>
To: <root at squirrel-resources.com>
Sent: Friday, April 06, 2001 11:04 PM
Subject: I am so sorry!Your hosts was hacked!


> Hello!Administrator:
> I am sorry.
> Your DNS server was hacked by my New variation of the ramen worm.
> I am bestrow your index.html files only for awoke you patch the DNS server.
> Please change your password and patch the DNS server to version 9.
> And some backdoor in your system.
> Do this follow me.:)
> 1.
> kill the process of star.sh hack.sh scan.sh pscan ETC.
> 2.
> remove the /tmp/ramen.tgz
> 3.
> find the "/dev/.lib/star.sh" in the /etc/rc.d/rc.sysinit file and remove it.
> 4.
> find the "asp stream tcp nowait root /sbin/asp " in the /etc/inetd.conf file and remove it.
> 5.
> find the "10008 stream tcp nowait root /bin/sh sh" in the /etc/inetd.conf file and remove it.
> 6.
> del the /dev/.lib
>
> ok.
> Now,You removed the 1i0n worm.
> Don't forget to restart your server.
> :)
>
> GoodLuck!
>
> Lion
>
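
The file and configuration artifacts listed in steps 2 to 6 of the quoted email can be checked for with a short script. This is an added example, not part of the original post or the quoted message; the function name check_lion_artifacts and the variable LION_HITS are made up for it. It takes a filesystem root (/ or the mount point of a disk image), looks only for what the email names, and does not cover the running processes from step 1.

```sh
#!/bin/sh
# Added example: look for the artifacts named in the quoted email under a
# filesystem root such as "/" or a mounted disk image.
# check_lion_artifacts and LION_HITS are names invented for this example.

check_lion_artifacts() {
    root="${1:-/}"
    root="${root%/}"          # "/" becomes "", so "$root/etc" is "/etc"
    LION_HITS=0
    ws='[[:space:]]+'

    hit() { echo "FOUND: $1"; LION_HITS=$((LION_HITS + 1)); }

    # Steps 2 and 6: the dropped archive and the hidden directory
    for p in /tmp/ramen.tgz /dev/.lib; do
        if [ -e "$root$p" ]; then hit "$p exists"; fi
    done

    # Step 3: boot-time persistence in rc.sysinit
    if grep -qF '/dev/.lib/star.sh' "$root/etc/rc.d/rc.sysinit" 2>/dev/null; then
        hit "star.sh is started from /etc/rc.d/rc.sysinit"
    fi

    # Steps 4 and 5: inetd entries for /sbin/asp and a root shell on 10008.
    # Lines starting with '#' are comments to inetd and are not matched.
    inetd="$root/etc/inetd.conf"
    if grep -Eq "^[[:space:]]*asp${ws}stream${ws}tcp${ws}nowait${ws}root${ws}/sbin/asp" \
        "$inetd" 2>/dev/null; then
        hit "'asp' service in /etc/inetd.conf"
    fi
    if grep -Eq "^[[:space:]]*10008${ws}stream${ws}tcp${ws}nowait${ws}root${ws}/bin/sh" \
        "$inetd" 2>/dev/null; then
        hit "root shell on port 10008 in /etc/inetd.conf"
    fi

    # Exit status: 0 when none of the listed artifacts were found
    [ "$LION_HITS" -eq 0 ]
}

# Run directly with a root to check, e.g.: sh check.sh /mnt/image
if [ "$#" -gt 0 ]; then check_lion_artifacts "$1"; fi
```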