Hi again everyone,

Got the same thing a few minutes ago, coming from China this time, pointing to the same address for the download... Seems to be spreading? The downloaded file is definitely for Linux.

Tudor

__________________

Hi everyone,

Last night I caught an attack on my web servers here; the attack consisted of command execution attempts using various CGI vulnerabilities. The fact is that after looking at the payload of all connection attempts, they all had a "wget <IP Address>/lupii", same IP address. I can send it to the list if anybody needs it.

I downloaded the file from that site; it is an ELF executable and it seems to be a backdoor of some sort reporting back to the site. The attack was coming from Taiwan and the download site was in Norway.

I am not good at looking at ELF format programs; is anybody willing to take a look? I can send the file on demand. Does anybody know what this is all about?

Thanks,
Tudor

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html