Also about two weeks ago, I discovered an unauthorized instance of psyBNC running under the ID of a Spore user. Ironically enough, the binary had been renamed 'pine', which is how I noticed that it was running at all. I feared the worst and started investigating, but it appears that said user's password got snarfed when another machine with a mission similar to Spore's had gotten hacked more severely. The degree of compromise on Spore was limited to the psyBNC instance and a fairly pathetic attempt to gain a setuid root shell, which failed. This is good, because if the exploit had been any more severe, we would have had to wipe and restore the system, which would have been a gigantic pain in the ass. Let's hear it for incompetent script kiddies!
Posted by forrest at May 31, 2003 10:02 AM