Hi folks, sorry if this was already discussed. In my httpd.error_log I can find hundreds of entries which show that I get permanently scanned for "root.exe" and "cmd.exe". Okay cmd.exe is of course the command interpreter of Windows-Systems. This interpreter is being searched in lots of locations (winnt/system32 and different other locations; of course without affort as I'm runnign a linux-System). But I've never heard of root.exe. What is this ? root sounds familiar *sigh* but I've never heard of a root.EXE... As this scans also take place on my Dial-In-machine, there seems to be a scanprogram which scans the range(s). Does anybody know of such a scanprogram ? Is there any danger for my linux-system ? thx. Stephan
trojan. copy cmd.exe to root.exe, originally avoided people looking for
cmd.exe.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
----- Original Message -----
From: "OKDesign oHG Security Administrator"
Hi folks,
sorry if this was already discussed.
In my httpd.error_log I can find hundreds of entries which show that I get permanently scanned for "root.exe" and "cmd.exe". Okay cmd.exe is of course the command interpreter of Windows-Systems. This interpreter is being searched in lots of locations (winnt/system32 and different other locations; of course without affort as I'm runnign a linux-System). But I've never heard of root.exe. What is this ? root sounds familiar *sigh* but I've never heard of a root.EXE... As this scans also take place on my Dial-In-machine, there seems to be a scanprogram which scans the range(s). Does anybody know of such a scanprogram ? Is there any danger for my linux-system ?
thx. Stephan
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (2)
-
Kurt Seifried
-
OKDesign oHG Security Administrator