similar to: ClamAV reports a trojan

On Thu, Apr 16, 2015 at 10:01 AM, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > This morning I discovered this in my clamav report from one of our > imap servers: > > /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: > Unix.Trojan.MSShellcode-21 FOUND > > > I have looked at this script and it appears to be part of the nmap > distribution. It actually tests

On Sat, April 18, 2015 11:16, Jake Shipton wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 16/04/15 16:01, James B. Byrne wrote: >> This morning I discovered this in my clamav report from one of our >> imap servers: >> >> /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: >> Unix.Trojan.MSShellcode-21 FOUND >> >> >> I

On Thu, April 16, 2015 10:09 am, Les Mikesell wrote: > On Thu, Apr 16, 2015 at 10:01 AM, James B. Byrne <byrnejb at harte-lyne.ca> wrote: >> This morning I discovered this in my clamav report from one of our imap servers: >> /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: >> Unix.Trojan.MSShellcode-21 FOUND >> I have looked at this script and it appears to be

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As you all may know Fyodor of nmap fame has terminated SCO's rights to distribute namp with its products. See: http://www.smh.com.au/articles/2004/02/27/1077676955381.html I know this is off-topic, but I am interested in opinions on the subject of SCO using Samba in it's products while they declare the GPL is unconstitutional and invalid.

Good morning/day/night to all! After moving all my infrastructure to Debian9, changed my ADDC from Win2K12 to Samba4 scanning my network I found the following: -------------------------------------------------------------------------------------------------------------------------------- koratsuki at happyharry:~$ nmap --script smb-vuln-ms08-067.nse -p445 smb-addc.tld Starting Nmap 7.50 (

[mod: Just to show you that people DO get bitten after a bugwarning has gone out on linux-security..... -- REW] -----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii Has anyone been hit with the Bind Inverse Query Buffer Overrun on their Linux servers? We have had 3 servers attacked using this expoit and all of the machines had several binaries replaced with trojan

hi, I am from Norway and you'll don't believe me, but a trojan horse in on your pc. I've scanned the network-ports on the internet. (I know, that's illegal) And I have found your pc. Your pc is open on the internet for everybody! Because the smss.exe trojan is running on your system. Check this, open the task manager and try to stop that! You'll see, you can't stop this

Hi, is it possible, that the current development version for Windows ( http://cran.at.r-project.org/bin/windows/base/R-2.13.0dev-win.exe) is infected by a trojan/virus. My antivir-program (www.avira.com) seems to find a trojan in open.exe at bin\i386. Best regards, Andreas [[alternative HTML version deleted]]

[OT ALERT] On 17/04/15 02:28, Valeri Galtsev wrote: > clamav is a scanner that is designed to detect viruses (virii I should use > for plural as it is Latin word) I believe this 'rule' in English is misunderstood by many and as a general rule of thumb... tl;dr: Words from Old English that came into modern English, use 'Old English' pluralisation: eg, sheep, fish etc. words

On 17/04/15 12:31, Valeri Galtsev wrote: > But being not native > English speaker, I use it ("not native English speaker") Figured as much, which is why I mentioned it ;) > as an excuse for > being unable to pronounce anything. Not as if most English speakers can pronounce many English words.... ... ttfn :) P.

On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: > It is amazing how much one can cripple what another person said by > scissoring his phrases ;-) English people (excludes USA people) should always try to speak simple, jargon-free, easily understandable and logically expressed English especially when conversing with non-English people. I greatly admire the linguistic abilities of

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17/04/15 16:04, Valeri Galtsev wrote: > > On Fri, April 17, 2015 9:51 am, Always Learning wrote: >> >> On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: >> >>> It is amazing how much one can cripple what another person said >>> by scissoring his phrases ;-) >> >> English people

We had an incident recently where an openssh client and server were replaced with trojanned versions (it has SKYNET ASCII-art in the binary, if anyone's seen it. Anyone seen the source code ?). The trojan ssh & sshd both logged host/user/password, and probably had a login backdoor. Someone asked me what was their exposure if they used public/private keys instead of passwords. My

On Thu, April 16, 2015 8:59 pm, Peter Lawler wrote: > [OT ALERT] > > On 17/04/15 02:28, Valeri Galtsev wrote: > >> clamav is a scanner that is designed to detect viruses (virii I should >> use >> for plural as it is Latin word) > I believe this 'rule' in English is misunderstood by many and as a > general rule of thumb... > tl;dr: > Words from Old

On Fri, April 17, 2015 12:50 am, Peter Lawler wrote: > On 17/04/15 12:31, Valeri Galtsev wrote: >> But being not native >> English speaker, I use it ("not native English speaker") > Figured as much, which is why I mentioned it ;) > >> as an excuse for >> being unable to pronounce anything. > Not as if most English speakers can pronounce many English

On Fri, April 17, 2015 9:51 am, Always Learning wrote: > > On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: > >> It is amazing how much one can cripple what another person said by >> scissoring his phrases ;-) > > English people (excludes USA people) The first thing I learned what US people (before became one myself) take English pronunciation for was... Well, I

Can anyone recommend an opensource package (preferably something centos 4X compatible) that can be used on a (iptables) firewall to block virus/trojan, etc? And maybe something for intrusion detection? Thanks! Dnk

Some of you probably already read this: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 Interesting...I wonder what is the impact of all this on FreeBSD code. We may very well suppose that any government or corporation funded code can theoretically have some kind of backdoor inside. --Andy

Hello,     I'm sure it's a false positive but figured I post any way. My weekly full scan of my servers reported the following results. /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/group/group_deluser.inst: Unix.Trojan.Vali-6606621-0 FOUND /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/group/group_adduser.inst: Unix.Trojan.Vali-6606621-0 FOUND

ESET recently published an interesting post-mortem of the so-called "Operation Windigo" malware campaign [1]. OpenSSH backdoors (codename Linux/Ebury), described by ESET last month [2], are a key component of Windigo's attack surface. --mancha [1] http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf [2]