Subject: Re: unix worm via ssh1
To: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
From: Seth Kurtzberg <seth@cql.com>
List: tech-security
Date: 11/15/2001 20:56:11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Definitely interesting. Do we know that NetBSD does, or doesn't, suffer from
this vulnerability? I can't really tell from the description (I'm not
sufficiently knowledgeable on NetBSD yet). Obviously, one can watch for the
mysterious appearance of an IRC server.
On Friday 16 November 2001 07:02, you wrote:
> Of course geared for Linux, but maybe of general interest:
>
> http://www.vnunet.com/News/1126812
>
> `` He explained that he had discovered a
> compromised Red Hat box that was being used as a
> central host for other 'zombie' machines, although
> it is not yet clear how the central server
> communicates with the zombies.
>
> Apparently the attacker manually installed an IRC
> server, which was communicating with more than
> 120 other host machines.
>
> The communication channel was called 'kujikiri', a
> method of esoteric teaching used by the ninja, and
> the channel key was tagged 'ninehandscutting', an
> ancient ninjitsu hand movement.
>
> Apparently all hosts communicating with the
> central server were logging on using identification
> names prefixed with 'ninja'.
>
> According to experts, the Trojan program installed
> in the attack does not match any signatures
> identified so far and, if it is new, Salusky has
> already christened it 'Limpninja'. ''
>
>
> - Hubert
- --
Seth Kurtzberg
Machine Independent Software
Office: (480) 661-1849
Fax: (480) 614-8909
email: seth@cql.com
pager: 888-605-9296 or email 6059296@skytel.com
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQA/AwUBO/SOW3hkmRgYZUCaEQIaiACgz3J2G2Qghm8PBBeQO1ojE0cVyL4An2Lk
s1yKAKSCSgdC1Bt8rPHrvH3q
=D3Qv
-----END PGP SIGNATURE-----