[lug] intrusion

gordongoldin at aim.com gordongoldin at aim.com
Wed Jun 13 12:16:31 MDT 2007

There was a funny UID - easypwn.

Changed the passwd, later saw:

easypwn tried to get in, failed, then another "don't know who it is userID" mailmn got on from same IP.
The easypwn tried to get in again and logged in successfully.

Looking around, I saw:
?...porn.zip in a temp file

Due to powers that be, I can't just shut this down.

Has anyone seen something like this before?
(Hoping this is something less than a rootkit.)

What's the short list of cleaning procedures/lockdowns while taking this machine out of service?
Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20070613/98c97019/attachment.html>

More information about the LUG mailing list