From owner-freebsd-security Wed Nov 14 7:16:36 2001 Delivered-To: freebsd-security@freebsd.org Received: from sanyu1.sanyutel.com (sanyu1.sanyutel.com [216.250.215.14]) by hub.freebsd.org (Postfix) with ESMTP id 4926837B405; Wed, 14 Nov 2001 07:16:28 -0800 (PST) Received: from localhost (ksemat@localhost) by sanyu1.sanyutel.com (8.11.3/) with ESMTP id fAEFJDx28426; Wed, 14 Nov 2001 18:19:13 +0300 X-Authentication-Warning: sanyu1.sanyutel.com: ksemat owned process doing -bs Date: Wed, 14 Nov 2001 18:19:13 +0300 (EAT) From: X-X-Sender: To: John Baldwin Cc: Stefan Probst , Rob Hurle , Subject: RE: Adore worm In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I also add my voice to the hullabaloo. Reinstall the machine, use ssh and do a cvsup to the latest stable release of freebsd. Do this regularly in order to keep on top of things. Noah. On Tue, 13 Nov 2001, John Baldwin wrote: > > On 13-Nov-01 Stefan Probst wrote: > > Good Evening, > > > > sorry for newbie-posting, but I don't have too much time to sift through > > archives.... > > > > Looks like my FreeBSD 4.2 Box (FreeBSD 4.2-RELEASE (GENERIC)) got hit by a > > worm - or infested by purpose: > > It's a rootkit, and your box has been compromised. Backup your data and > reinstall unless someone else has a better idea. > > -- > > John Baldwin -- http://www.FreeBSD.org/~jhb/ > "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message