search for: 1rwj9ejb0zjtznp6dr

...0Lpc/jwx2P7s4H/2V++W499w2fAZPM8kjnKi9b > EBS0vl/oYAOVgzc3lo4y0CbY9GQtQ3258tISCeMGGOR/OjPYl3BqINsS1Qf0FGSw > FzNHWrlgas/bZO/HbTAzWbtxknRKIJiiYfBHqLL6s/r9WpOMsBvA2eVpkXsEZZoz > AWC0CFcrVsh7+Agqk46GyIsDn8ZpT+IymwMp+gKiqBv8e4uG5WjE8YRGBybscJgk > DAPZ9ZaSJpJNFkJ0tpAAgNkPO96lFv6l43nnm/IyTfKtd/1rWJ9ejb0ZjtZnP6Dr > xWdNyTjK39euHiVBP3pZ6ex8VKthph6b9FeferoQaGFxGvixk7epIihPbeEYqbg= > =lowP > -----END PGP SIGNATURE----- > > Thank you. We run aide on that box and it did not report any recent changes to that file. RPM and yum history corroborated the install date as being last October. We have c...

This morning I discovered this in my clamav report from one of our imap servers: /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: Unix.Trojan.MSShellcode-21 FOUND I have looked at this script and it appears to be part of the nmap distribution. It actually tests for irc backdoors. IRC is not used here and its ports are blocked by default both at the gateway and on all internal hosts.