[ILUG] fascinating paypal spam
Paul Jakma
paul at clubi.ie
Fri Apr 22 15:53:12 IST 2005
On Thu, 21 Apr 2005, kevin lyda wrote:
> directory: http://searchfar.com/.bashrc/ .
>
> an amusing way to hide your evil files.
>
> anyway, something else to search for in security scripts: normal rc
> files existing as directories.
Not only that, but you'd have to actually inspect the contents of
.bashrc (from a shell context which /did not/ use that bashrc).
Otherwise $ATTACKER can insert commands into .bashrc to simply
recreate any nastiness, along with LD_PRELOAD's to hide such
nastiness from you if accessed via library calls.
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
"My knob tastes funny."
--Ralph Wiggum
The Itchy & Scratchy & Poochie Show (Episode 4F12)
More information about the ILUG
mailing list