[Savannah-hackers] Re: [savannah-root] Suckit rootkit detected on subver

savannah-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] Re: [savannah-root] Suckit rootkit detected on subver

From:	Vincent Caron
Subject:	[Savannah-hackers] Re: [savannah-root] Suckit rootkit detected on subversions.gnu.org
Date:	Sat, 29 Nov 2003 19:28:52 +0100
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031014 Thunderbird/0.3

Vincent Caron wrote:

I don't have much more info for now, besides I can't see unexpectedprocesses listening on unexpected ports.


I have a little more actually :

* tke 'sk' process has been running since nov. 2

* its file was found in /usr/lib/locale/en_US/.sk12/sk
  (a copy is at http://zerodeux.net/misc/sk)

* running through /root/.bash_history does not show useful information

* I've straced the 'sk' process a little before killing it (see /root)

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-hackers] Re: [savannah-root] Suckit rootkit detected on subversions.gnu.org, Vincent Caron <=

Prev by Date: [Savannah-hackers] Re: CVSReport
Next by Date: [Savannah-hackers] submission of SpipEM : EasyMod for SPIP - savannah.nongnu.org
Previous by thread: [Savannah-hackers] Permissions failure in uploading new files
Next by thread: [Savannah-hackers] submission of SpipEM : EasyMod for SPIP - savannah.nongnu.org
Index(es):
- Date
- Thread