Well, it looks like I was infected by a variant of the adore worm. The adore worm sends a bunch of internal data to various e-mail addresses, then replaces the ps command and the kernel logger. Actually it copies ps to /usr/bin/adore which is what I was getting for some reason when I tried to run ps. Why I do not quite understand. Ps shows what is running on the system and by replacing it with a fake the program can keep from showing that it is running. The kernel logger it replaced with a version that would let a person connect to the system unauthorized under certain conditions.

The only differences I can tell in this program are that it was sending to a different set of e-mail addresses and it created a directory called /dev/.shit to store itself in instead of /dev/.lib. I strongly suspect someone with only a little knowledge got infected with the original and set it out again with only a couple minor changes.
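A check for the artifacts named in the post above, as an added example that is not part of the original post. It looks for /usr/bin/adore and the two /dev directory names the post gives, and, going one step beyond the post, lists any other hidden directory directly under /dev for manual review. The function name `adore_check` and its root-prefix argument are assumptions made for this example; it does not verify whether ps or the kernel logger were replaced.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: adore_check ROOT   where ROOT is "" for the live system or the
# mount point of a disk image being examined.
# Prints one line per finding; returns 0 only if nothing was found.
adore_check() {
    root="${1:-}"
    found=0

    # 1. The copy of ps that the post says the worm leaves behind.
    if [ -e "$root/usr/bin/adore" ]; then
        echo "FOUND file: /usr/bin/adore"
        found=$((found + 1))
    fi

    # 2. The storage directories named in the post
    #    (/dev/.lib for the original, /dev/.shit for this variant).
    for d in /dev/.lib /dev/.shit; do
        if [ -d "$root$d" ]; then
            echo "FOUND dir: $d"
            found=$((found + 1))
        fi
    done

    # 3. Generalization: a renamed variant would use yet another name, so
    #    list every other hidden directory directly under /dev for review.
    #    Some systems legitimately keep dot-directories there, hence REVIEW.
    for p in "$root"/dev/.[!.]*; do
        [ -d "$p" ] || continue          # also skips an unmatched glob
        name="/dev/${p##*/}"
        case "$name" in
            /dev/.lib|/dev/.shit) continue ;;   # already reported above
        esac
        echo "REVIEW hidden dir: $name"
        found=$((found + 1))
    done

    echo "findings: $found"
    [ "$found" -eq 0 ]
}
```

Running it against a read-only mount of the suspect disk from a known-good system avoids relying on binaries the worm may have replaced.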

Well, I have a little script that runs when a computer connects to an unauthorized port on my machine and then drops me an e-mail. It runs a program called lsof which shows open files (and sockets, since sockets are a special type of file on a linux box) on the system. The program was crapping out, saying “Too many files opened” and then I noticed that I had hundreds of connections open to other computers. I tried running ps ax and it complained that /usr/bin/adore did not allow me execute access. Surely enough there is a file dated today called adore that I do not think I had before.

So, it is pretty safe to say that I have been cracked. I am pretty sure it is a worm and if I had to guess I would say it came in on bind (though I upgraded to 9 when the exploit came out I had to take out the chroot jail because it required the 2.4 kernel and I was running 2.2 and did not have the time to upgrade.)

Hey everybody; S is submitting a poster presentation for nchc 2001 and we put together a printable version of the form so that it would look nice. I figured someone else might have waited til the last minute and could use it, or someone who wrote theirs might want to pretty it up.

It is a pdf form which means there are blanks that you can type text into. Unfortunately Acrobat reader will not let you save your changes but you can print it and get your changes and it is a good print quality.

I have been wandering the web looking for image maps of the planet to do some texture mapping for work. One of the most famous images is a composite of the earth at night and it came from:

This is an image made from bunches of satellite photos; the entire planet is shown at night and you can see all of the cities' lights. The images have been stitched together so there are no clouds.

Something else that is neat though is there is a section that will dynamically generate quicktime movies about different subjects. Would you like to see the rainfall statistics for the last 10 years or ozone levels or vegetation levels or whatever? You can also make these little globes that you can rotate around and look at data. It is just kinda cool and I thought I would share.

