[ILUG] Porting MyDoom to Linux
Chris Higgins
chris.higgins at darach.ie
Tue Feb 3 17:21:19 GMT 2004
On Tue, 03 Feb 2004 16:49:23 +0000
Frank Boehme <f.boehme at cs.ucc.ie> wrote:
> Good afternoon,
>
> * Convince the victim to unpack and execute binary mail attachments
Just 'cause they use linux, doesn't mean they won't open the attachment
> * Find a means to scan for email addresses in the user's data
find / -exec grep '@' {} \;
> * Mass email to the addresses found
(previous find ) | xargs mail
> * Upon execution of the attached binary, install a backdoor server
> that listens to certain ports,
eazypeazy - useradd fred, then create a ~fred/.ssh/authorized_keys
> some of which with low numbers. Must run as non-root. Should keep
> listening after logoff. (xinetd?)
iptables
nohup blah &
> * Have this server accept connections from anywhere.
/sbin/ifconfig eth0 up :-)
> * Make all this possible without requiring a previously installed
> root kit. The program should
> attack plain desktops where no servers are running.
local root escalation
> * Do all this without write access to /etc. We are not root.
local root escalation
>
> Perhaps after a few weeks of hard work and testing, an entry would be
> added to CHANGELOG:
>
> * Major rewrite of the code. Forced to switch to another OS.
Nah ! Major rewrite of code, need to hide from tiger / aide / tripwire..
Need to find an OS where people don't expect auditing..
>
>
> Have a nice day (it rains here),
>
>
> Frank
>
> --
> Did you know that if you play a Windows XP cd backwards, you
> will hear the voice of Satan?
> That's nothing! If you play it forward, it'll install Windows XP.
> --
> Irish Linux Users' Group
> http://www.linux.ie/mailman/listinfo/ilug/
>
--
Chris Higgins Cisco Learning Partner
Darach Technology Ltd tel: +353-1-6204370
email: chris.higgins at darach.ie fax: +353-1-6204371
http://www.darach.ie