search for: d4rkstorm

Displaying 7 results from an estimated 7 matches for "d4rkstorm".

2005 May 14
2
Need some help
Hello, I would like to ask for some specialist assistance in dissecting a 'rootkit' (seems to be massmailing specific, crafted somehow from another kit perhaps). It was found running on 5.x machines belonging (so far) to my knowledge, 2 companies, one of which was an ISP and another a webhosting service running BSD. I will provide the kit and further details as soon as I am sure the thing will
2005 May 12
1
Do I have an infected init file?
Hello; I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected. It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the
2005 May 13
1
FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:09.htt Security Advisory The FreeBSD Project Topic: information disclosure when using HTT Category: core Module: sys Announced:
2005 May 07
0
kernel disclosures
Version 4.x users, VERIFY ADVISORY: http://secunia.com/advisories/15261/ ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch.asc VERIFY ADVISORY: http://secunia.com/advisories/15260/ ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch
2005 May 08
0
Mozilla cross platforming code
Please be aware of 2 exploits currently running wild, one of which is cross platform and verified as running on BSD. Here is a 1.0.2 crossplatforming code PoC I found in a search -> http://www.milw0rm.com/id.php?id=943 There is 'newer' code and PoC of this (k-otik.com, other publics), however it is not mentioned as it is not 100% verified as cross platforming yet. I recommend people
2005 May 16
0
oh foobar!
Hello list, just one thought: if you had a 'package verify' function, which automatically installs itself and updates itself on any major update (a builtin feature, possible for a future build), then that alone would eliminate multiple packages, of which sometimes they have bad components left behind. I have seen a similar idea in the ports/vulnerability-test-port, I think this is a root
2005 May 12
2
Mozilla 1.0.4 security update (Just install it, will keep all settings) + Important note from me, please read, those uninterested, please don't flame ;)
Update to the mozilla vulnerabilities which were not publicly reported (to MY standard, for BSD/cross platform users), so I performed my own research, PoC's etc, and have submitted all my results. I won't say I had ANYTHING at all to do with the update, BUT please update a.s.a.p to mozilla v1.0.4, that should stop at least ONE exploit, the other may be a simple matter of not allowing your