PerlMonks
This does look like an attempt at some sort of exploit—more likely a probe to check for vulnerable servers to plant the real attacks on later. It tries to disguise itself as lynx (a text-based browser) in the process list, a weak measure, perhaps, but a pretty sure sign their intentions are less than pure. Then it tries to open a TCP socket to $ARGV[0] on port $ARGV[1] and reopen the 3 standard streams, and send your kernel version and the local user ID and groups to the remote server, and try to start a (remote) shell. Quite possibly the $target is a machine controlled by the attackers. Whether you should be worried or not? I dunno, that depends on how it got there and whether you can identify the target and the perpetrators. That, and they didn't use strict. Bastards.
use strict; use warnings; omitted for brevity.
In reply to Re: Something I found on my site
by rjt
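
A defender's check for the two runtime traits described in the reply above (a process name that does not match the binary actually running, and all three standard streams sitting on one socket), as an added example that is not part of the original post. The record layout, function names and sample processes are constructed for illustration, and both checks are heuristics that assume a Linux `/proc`.

```python
import os

def stdio_socket(fds):
    """Return the socket link if fds 0, 1 and 2 all point at the same socket."""
    targets = {fds.get(n) for n in (0, 1, 2)}
    if len(targets) == 1:
        target = targets.pop()
        if target and target.startswith("socket:["):
            return target
    return None

def name_mismatch(argv0, exe):
    """True when the name shown in the process list is not the running binary."""
    shown = os.path.basename(argv0.split(" ")[0]).lstrip("-")  # "-bash" = login shell
    real = os.path.basename(exe)
    # Prefix match tolerates versioned names (python3 vs python3.11, "sshd:" titles).
    return bool(shown) and not (real.startswith(shown) or shown.startswith(real))

def triage(proc):
    """List the suspicious traits present in one process record."""
    findings = []
    if name_mismatch(proc["argv0"], proc["exe"]):
        findings.append("name-mismatch")
    if stdio_socket(proc["fds"]):
        findings.append("stdio-on-socket")
    return findings

def snapshot(pid):
    """Build the same record from a live /proc (needs read access to the pid)."""
    base = f"/proc/{pid}"
    with open(f"{base}/cmdline", "rb") as fh:
        argv0 = fh.read().split(b"\0")[0].decode(errors="replace")
    fds = {}
    for n in (0, 1, 2):
        try:
            fds[n] = os.readlink(f"{base}/fd/{n}")
        except OSError:
            fds[n] = None
    return {"pid": pid, "argv0": argv0, "exe": os.readlink(f"{base}/exe"), "fds": fds}

# Constructed sample records, not captured from a real host.
SAMPLE = [
    {"pid": 4121, "argv0": "lynx", "exe": "/usr/bin/perl",
     "fds": {0: "socket:[88231]", 1: "socket:[88231]", 2: "socket:[88231]"}},
    {"pid": 812, "argv0": "-bash", "exe": "/usr/bin/bash",
     "fds": {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}},
    {"pid": 977, "argv0": "python3", "exe": "/usr/bin/python3.11",
     "fds": {0: "/dev/null", 1: "socket:[5120]", 2: "socket:[5120]"}},
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p["pid"], triage(p) or "clean")
```

Either trait alone has benign causes (daemons that retitle themselves, services started with a socket on their standard streams), so treat a process that shows both as the one to investigate first.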