LINUX.IE, website of the Irish Linux Users' Group

[ILUG] Porting MyDoom to Linux


Chris Higgins chris.higgins at darach.ie
Tue Feb 3 17:21:19 GMT 2004


On Tue, 03 Feb 2004 16:49:23 +0000
Frank Boehme <f.boehme at cs.ucc.ie> wrote:

> Good afternoon,
> 
> * Convince the victim to unpack and execute binary mail attachments

Just 'cause they use linux, doesn't mean they won't open the
attachment

> * Find a means to scan for email addresses in the user's data

find / -exec grep '@' {} \; 

> * Mass email to the addresses found

(previous find ) | xargs mail

> * Upon execution of the attached binary, install a backdoor server
> that listens to certain ports,

eazypeazy - useradd fred, then create a ~fred/.ssh/authorized_keys


>   some of which with low numbers. Must run as non-root. Should keep
> listening after logoff. (xinetd?)

iptables

nohup blah &


> * Have this server accept connections from anywhere.

/sbin/ifconfig eth0 up :-)

> * Make all this possible without requiring a previously installed
> root kit. The program should
>   attack plain desktops where no servers are running.

local root escalation

> * Do all this without write access to /etc. We are not root.

local root escalation
> 
> Perhaps after a few weeks of hard work and testing, an entry would be
> added to CHANGELOG:
> 
> * Major rewrite of the code. Forced to switch to another OS.

Nah ! Major rewrite of code, need to hide from tiger / aide / tripwire..

Need to find an OS where people don't expect auditing..
> 
> 
> Have a nice day (it rains here),
> 
> 
> Frank
> 
> -- 
> Did you know that if you play a Windows XP cd backwards, you
> will hear the voice of Satan?
> That's nothing! If you play it forward, it'll install Windows XP.
> -- 
> Irish Linux Users' Group
> http://www.linux.ie/mailman/listinfo/ilug/
> 


--

Chris Higgins                              Cisco Learning Partner
Darach Technology Ltd                      tel: +353-1-6204370
email: chris.higgins at darach.ie          fax: +353-1-6204371
http://www.darach.ie


