# What is this software? Is it a Perl script?

## marquischan

http://www.geocities.com/dennis_ridiculous/tools/newscan.txt

----------

## didymos

Well, see the "#!/usr/bin/perl" at the beginning?

----------

## marquischan

I found this file in my system ~~

----------

## tcd

 *marquischan wrote:*   

> I found this file in my system ~~

 

Looks like you're at serious risk of being rootkit'ed by another useless scriptkiddie. Or you already are.

----------

## ToeiRei

Another ircbot...

As you don't know what things have already been modified, I'd recommend a fresh install.

Rei

----------

## marquischan

Can it take my root privilege?

----------

## Mantaar

 *marquischan wrote:*   

> Can it take my root privilege?

 

Depends. Where did you find the file (in what directory?)

It's not always necessary to re-install a system where the kid didn't really compromise the machine that hard, like when he only got into your user's writable space. Then it should be sufficient to wipe all dotfiles and startup scripts. But a fresh reinstall is always the safe way to go.

----------

## ToeiRei

In theory, such bots include a telnet server. They start running as the unprivileged user they have been injected as (i.e. apache).

Now if someone got an exploit for the software running on your machine, it would even be possible to gain root privileges.

Rei

----------

## marquischan

I have reinstalled the system. Can you name me some exploit tools for me to test the security of my system?

As I am not doing Gentoo updates frequently... That may have been the reason they can come in!!

----------

## Anarcho

 *marquischan wrote:*   

> I have reinstalled the system. Can you name me some exploit tools for me to test the security of my system?
> 
> As I am not doing Gentoo updates frequently... That may have been the reason they can come in!!

 

As a start, I would regularly run "glsa-check". It checks your Gentoo packages for security-related updates.

----------

## djinnZ

Have a look at chkrootkit, foremost, rkhunter or samhain in app-forensic, and at glsa-check.

----------
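A triage sketch for the questions raised in the thread: the Perl shebang didymos points out, Mantaar's "in what directory?", and the dotfiles and startup scripts he mentions. It is added here as an example and was not posted by any participant; the function names, the 64-byte read and the 7-day default window are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, the 64-byte
# read and the default 7-day window are assumptions for illustration.

# Print every regular file under directory $1 whose first line is a Perl
# shebang, whatever its extension (the file in the thread was a .txt).
find_perl_scripts() {
    find "$1" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        # Read only the first 64 bytes; strip NULs so binaries are harmless.
        first=$(head -c 64 "$f" 2>/dev/null | LC_ALL=C tr -d '\000' | head -n 1)
        case "$first" in
            '#!'*perl*) printf '%s\n' "$f" ;;
        esac
    done
}

# Print files under home directory $1 that are dotfiles or live inside a
# dot-directory (.bashrc, .ssh/authorized_keys, ...) and were modified in
# the last $2 days (default 7). $1 must not contain glob characters.
recent_dotfiles() {
    find "$1" -type f -path "$1/.*" -mtime "-${2:-7}" 2>/dev/null
}

# For each directory given, list Perl scripts with owner and mtime. The
# owner shows which account (a web server user, a login user, root) the
# file was written as, which bounds what has to be cleaned up.
triage() {
    for dir in "$@"; do
        find_perl_scripts "$dir" | while IFS= read -r f; do
            ls -ld "$f"
        done
    done
}

# Example: sh triage.sh /tmp /var/tmp /dev/shm
if [ "$#" -gt 0 ]; then
    triage "$@"
fi
```

A file owned by root, or found outside directories the web server or a login user can write to, points to the deeper compromise for which the thread recommends a fresh install.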

