
Hi folks,

sorry if this was already discussed.

In my httpd.error_log I can find hundreds of entries which show that I get permanently scanned for "root.exe" and "cmd.exe". Okay, cmd.exe is of course the command interpreter of Windows systems. This interpreter is being searched in lots of locations (winnt/system32 and different other locations; of course without effort as I'm running a Linux system). But I've never heard of root.exe. What is this? root sounds familiar *sigh* but I've never heard of a root.EXE... As these scans also take place on my dial-in machine, there seems to be a scan program which scans the range(s). Does anybody know of such a scan program? Is there any danger for my Linux system?

thx. Stephan

trojan. copy cmd.exe to root.exe, originally avoided people looking for cmd.exe.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/

----- Original Message -----
From: "OKDesign oHG Security Administrator" <security@okdesign.de>
To: <suse-security@suse.com>
Sent: Thursday, January 03, 2002 4:43 PM
Subject: [suse-security] httpd.log-entries
Hi folks,
sorry if this was already discussed.
In my httpd.error_log I can find hundreds of entries which show that I get permanently scanned for "root.exe" and "cmd.exe". Okay, cmd.exe is of course the command interpreter of Windows systems. This interpreter is being searched in lots of locations (winnt/system32 and different other locations; of course without effort as I'm running a Linux system). But I've never heard of root.exe. What is this? root sounds familiar *sigh* but I've never heard of a root.EXE... As these scans also take place on my dial-in machine, there seems to be a scan program which scans the range(s). Does anybody know of such a scan program? Is there any danger for my Linux system?
thx. Stephan
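
An added example, not part of the original thread: one way to tally the cmd.exe/root.exe probes discussed above per client address from an Apache error log. The log lines, addresses and paths are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Apache error_log entry: [timestamp] [level] [client ADDR] message
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<client>[^\]]+)\] (?P<msg>.*)$"
)
# A path component named exactly cmd.exe or root.exe, any case ("root.EXE" too)
PROBE = re.compile(r"(?:^|[/\\])(?P<name>cmd|root)\.exe(?![\w.])", re.IGNORECASE)

# Constructed sample lines (documentation addresses, made-up document root)
SAMPLE = """\
[Thu Jan 03 16:01:10 2002] [error] [client 192.0.2.10] File does not exist: /srv/www/htdocs/scripts/root.exe
[Thu Jan 03 16:01:11 2002] [error] [client 192.0.2.10] File does not exist: /srv/www/htdocs/winnt/system32/cmd.exe
[Thu Jan 03 16:02:40 2002] [error] [client 198.51.100.7] File does not exist: /srv/www/htdocs/scripts/Root.EXE
[Thu Jan 03 16:05:02 2002] [error] [client 203.0.113.5] File does not exist: /srv/www/htdocs/favicon.ico
[Thu Jan 03 16:06:00 2002] [notice] child pid 412 exit signal
"""

def summarize(lines):
    """Return ({client: Counter of probed names}, number of other lines)."""
    per_client = defaultdict(Counter)
    other = 0
    for line in lines:
        m = ENTRY.match(line.rstrip("\n"))
        hit = PROBE.search(m.group("msg")) if m else None
        if not hit:
            other += 1  # unrelated entry, or a line without a [client ...] field
            continue
        per_client[m.group("client")][hit.group("name").lower() + ".exe"] += 1
    return dict(per_client), other

def repeat_scanners(per_client, threshold=2):
    """Clients with at least `threshold` probe entries, busiest first."""
    totals = {c: sum(n.values()) for c, n in per_client.items()}
    return sorted((c for c, t in totals.items() if t >= threshold),
                  key=lambda c: (-totals[c], c))

if __name__ == "__main__":
    clients, other = summarize(SAMPLE.splitlines())
    for client, names in sorted(clients.items()):
        print(client, dict(names))
    print("other lines:", other)
    print("repeat scanners:", repeat_scanners(clients))
```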