[NBLUG/talk] Exim remote root in the wild
Tim Preston
timp at sonic.net
Mon Dec 27 18:44:28 PST 2010
<snip>
They love gmail, because it is bullet proof and keeps their data
confidential.
</snip>
Hmmmmm. That's just what WE need.... Something robust and stable that
can take a beating and... Hey, wait a minute!
:-P
On 12/25/2010 1:29 PM, Ed Rogers wrote:
> It already got one of my servers on the 16th around 3PM (a few hours
> before this email arrived). I patched it on the 16th, late in the
> evening, without realizing I had been hit.
>
> The first symptom is mail doesn't arrive. I didn't notice this at
> first, because although that particular server has about 15 clients,
> none of them use mail. They hate Horde. They love gmail, because it is
> bullet proof and keeps their data confidential.
>
> I finally saw it last night, in the course of investigating a number
> of frozen messages that turned out to be spam sent to the webmaster.
>
> Here is a really good link that contains some diagnostics and cleanup
> procedures:
>
> http://www.reddit.com/r/netsec/comments/en650/details_of_the_root_kit_that_got_installed_on_my/
>
>
> Quoting "Troy Arnold" <troy at zenux.net>:
>
>> A buddy of mine got nailed recently using Lenny's Exim. I guess this
>> has been known for a week or so but this was the first I'd heard of it.
>>
>> Some details are here:
>> http://www.kb.cert.org/vuls/id/682457
>>
>> and here:
>> http://www.debian.org/security/2010/dsa-2131
>>
>> Patch 'em if you got 'em.
>>
>> -t
>>
>>
>> _______________________________________________
>> talk mailing list
>> talk at nblug.org
>> http://nblug.org/cgi-bin/mailman/listinfo/talk
>>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.