Robert,
The only way to truly recover from a break-in is to fully restore the
system from a trusted medium. That being said, here's what your script does:
1) Hide its name in the process table as '/usr/sbin/nscd ' (100
spaces).
2) Bind to UDP port 1337 in order
I've gotten some e-mails from people who were
infected with .ncsdrecover but it looks like my
post is the only thing accessible via Google when
you find it so I thought that I would report
back publicly with what I found was responsible
for it and how it got removed.
Basically people told me to loo