Blackhole
Reuben D. Budiardja
techlist at voyager.phys.utk.edu
Mon Apr 11 19:39:41 UTC 2005
On Monday 11 April 2005 15:36, Chris Kenward wrote:
> Hi Reuben
>
> > If I recall correctly, you mentioned that the blackhole file was
> > an executable / binary, rather than a source code. So it's probably
> > already compiled and dropped to your machine.
>
> 100% Correct. What I cannot understand is how the file would have been
> transferred. Would it have been possible that the hacker used Apache on the
> box and simply uploaded the file? The mind boggles.
It's a posibility. If your apache is compromised through one of the vulnerable
program/package (eg. cgi stuff) that is run there, then it's possible for
hacker to get shell access, and basically download anything that the hacker
wants to your machine, like more exploit, IRC bots, etc.
RDB
--
Reuben D. Budiardja
Dept. Physics and Astronomy
University of Tennessee, Knoxville, TN
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT/M/MU/P/S d-(++) s: a-- C++(+++) UL++++ P-- L+++>++++ E- W+++
N+ o? K- w--- !O M- V? !PS !PE Y PGP- t+ 5 X R- tv+
b++>+++ DI D(+) G e++>++++ h+(*) r++ y->++++
------END GEEK CODE BLOCK------
More information about the redhat-list
mailing list