Some programs were executed.
psybnc is ``an easy-to-use, multi-user, permanent IRC-Bouncer'', not sure what is means.
It was executed under the name sshd to hide it.
I don't know what the other files are, but the filenames ``robotbsd.tgz'' and``robotlinux.tgz'' don't sound very good, it was executed under the name ./[kupdateb] to hide it.
The intruder never had root accress, right? (Through sudo).
If so, you can probably undo most harm by making sure there is nothing in this user's crontab and by rebooting the machine, anything the intruder executed will be shut down.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
|