Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] httpd.log-entries
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Thu, 3 Jan 2002 16:50:39 -0700
  • Message-id: <005901c194b1$7293dde0$6400030a@xxxxxxxxxxxx>
trojan. copy cmd.exe to root.exe, originally avoided people looking for
cmd.exe.


Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/


----- Original Message -----
From: "OKDesign oHG Security Administrator" <security@xxxxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Thursday, January 03, 2002 4:43 PM
Subject: [suse-security] httpd.log-entries


> Hi folks,
>
> sorry if this was already discussed.
>
> In my httpd.error_log I can find hundreds of entries which show that I get
> permanently scanned for "root.exe" and "cmd.exe". Okay cmd.exe is of
course
> the command interpreter of Windows-Systems. This interpreter is being
> searched in lots of locations (winnt/system32 and different other
locations;
> of course without affort as I'm runnign a linux-System). But I've never
> heard of root.exe. What is this ? root sounds familiar *sigh* but I've
never
> heard of a root.EXE...
> As this scans also take place on my Dial-In-machine, there seems to be a
> scanprogram which scans the range(s). Does anybody know of such a
> scanprogram ? Is there any danger for my linux-system ?
>
> thx.
> Stephan
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>


< Previous Next >