0day linux 2.6 /dev/mem rootkit found Jul 11 2007 04:07PM
James E. Jones (ceriofag yahoo com) (1 replies)
Strange Cisco Router Logs Jul 20 2007 07:49PM
Radi Tzvetkov (radit logisticare com) (1 replies)
RE: Strange Cisco Router Logs Jul 22 2007 06:57PM
Dario Ciccarone (dciccaro) (dciccaro cisco com) (1 replies)
Phishing e-mail with hidden crap? Aug 17 2007 06:48AM
Nicolas villatte (Nicolas Villatte chello be)

At the end you see in white on white color the following:


cvs: 0x7457, 0x5, 0x8758, 0x9019, 0x7, 0x697, 0x17916501, 0x949, 0x80,
0x030, 0x598, 0x97266747 NCE TP6 X81P RH2E exe SG0 include V8PW root api:
0x17, 0x2879 JN9: 0x50270054, 0x28850104, 0x316, 0x935, 0x01339377, 0x64,
0x0, 0x1658, 0x26765770, 0x091, 0x162 BB4B: 0x9, 0x04, 0x1745, 0x0, 0x9597,
0x33, 0x25692116, 0x58826863, 0x536, 0x9200, 0x8236, 0x1759 EXJ: 0x1, 0x343,
0x88, 0x4917, 0x33, 0x84363121, 0x2 0x502, 0x6163, 0x460, 0x783, 0x6, 0x7,
0x805, 0x94, 0x343, 0x2, 0x2, 0x85653112 0x671, 0x5, 0x67064212, 0x3,
0x01452899, 0x9, 0x6, 0x4, 0x6, 0x9835, 0x94660375, 0x9 0x3181, 0x97, 0x7700

0x61 0x29 0x04, 0x55, 0x6412, 0x9, 0x921, 0x73133834, 0x17, 0x3, 0x08, 0x6
P37. engine: 0x4 0x11053531, 0x0, 0x9, 0x1, 0x5, 0x62, 0x662 function cvs
IQ0 SCQ KSU end NXZJ IPQ. cvs: 0x38, 0x22230904 0x6517, 0x8056, 0x3, 0x! 65,
0x37425646, 0x53, 0x420, 0x47863400, 0x0562, 0x6, 0x952 0x2008, 0x82331620,
0x1484, 0x4036, 0x18171004, 0x41, 0x35, 0x3204, 0x821, 0x39538782

B3U5: 0x267 19K: 0x38438621, 0x3969, 0x90 stack: 0x098, 0x47833820, 0x1,
0x5, 0x53, 0x0931, 0x3415, 0x40, 0x1, 0x35, 0x24692917, 0x700 0x1122, 0x3,
0x1, 0x91689386, 0x8, 0x6056, 0x75, 0x05, 0x67808953, 0x67 update.0x33,
0x24, 0x3, 0x98, 0x2 start: 0x048, 0x5, 0x9, 0x95465686, 0x8, 0x0043,
0x25220247, 0x0004, 0x4524, 0x435, 0x9, 0x386, 0x3, 0x92, 0x0 0x5573, 0x48,
0x3657, 0x861, 0x6, 0x2, 0x48 BT6, 3A6. 0x6591, 0x219, 0x683, 0x36, 0x334,

I was wondering what it could be. Seeing strings like "cvs:" and "function
cvs", it could be just crap added to bypass filtering, but then this crap
would probably be generated in some special way to get intelligible strings.

Anyone got any clue?


This list sponsored by: SPI Dynamics

ALERT: .How a Hacker Launches a SQL Injection Attack!.- White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems! Firewalls and IDS
will not stop such attacks because SQL Injections are NOT seen as intruders.
Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus