recently received the message below. Is mirkforce a problem for suse ? --> We are currently dealing with an outbreak of hacked Linux boxes running "Mirkforce". Mirkforce is an IRC virus, which is spreading rapidly. We are unsure as to how it propagates, but essentially once a hacked linux box launches the software, it will fill all the ips not used of the network where the computer is located (the /24) by creating virtual aliases on the main interface. After it will just simulate x connections from each ip, and will target one or more irc servers and probably be used in some action against some users/channels. Computer examined were root kitted and some DDOS tools were installed and activated on it. **PLEASE** search the linux servers on your network, and if you have some machines logging arp changes or else, try to find the server which suddenly stole ips from others servers. This software is probably running only on Linux (all the versions found were for Linux). Search the linux running recently reported holed daemons (named, rpc, ftpd, etc..) and try to find suspicious accesses and to reinstall/remove useless daemons. Usually the server hacked will be one of the not listed ones, it seems that the mirkforce is not using the primary IP of the server hacked. Output from the help of the software ./mIRKfORCE -h mIRKfORCE 2.o [+0wnz] by ipLord, this copy is registred to haschmannen usage: mIRKfORCE [options] flag <arg> : explanation [default] -------------------------------------------- -i <interface> : Interface [eth0] -t <secs> : h0st check timeout [7] -h : This help (also try /help once inside) -r : Remove all IPaliases created by mIRKfORCE -v : Verbose mode, print common irceventz fer the klonez -d : Debug mode (lotsa raw ircprintouts) As always, these problems can be avoided by running properly patched and secured machines. Regards, -- Dr. Delia Wakelin Tel: 44 (0) 191 227 4958 Division of Psychology email mailto:d.wakelin@unn.ac.uk University of Northumbria www http://www.unn.ac.uk/~evdw3 Newcastle upon Tyne NE1 8ST