Blackhole

[Reuben D. Budiardja]

On Monday 11 April 2005 15:36, Chris Kenward wrote:
> Hi Reuben
>
> > If I recall correctly, you mentioned that the blackhole file was
> > an executable / binary, rather than a source code. So it's probably
> > already compiled and dropped to your machine.
>
> 100% Correct. What I cannot understand is how the file would have been
> transferred. Would it have been possible that the hacker used Apache on the
> box and simply uploaded the file? The mind boggles.

It's a posibility. If your apache is compromised through one of the vulnerable 
program/package (eg. cgi stuff) that is run there, then it's possible for 
hacker to get shell access, and basically download anything that the hacker 
wants to your machine, like more exploit, IRC bots, etc.

RDB

-- 
Reuben D. Budiardja
Dept. Physics and Astronomy
University of Tennessee, Knoxville, TN

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT/M/MU/P/S d-(++) s: a-- C++(+++) UL++++ P-- L+++>++++ E- W+++ 
N+ o? K- w--- !O M- V? !PS !PE Y PGP- t+ 5 X R- tv+ 
b++>+++ DI D(+) G e++>++++ h+(*) r++ y->++++
------END GEEK CODE BLOCK------