Information about the ovas0n backdoor

This backdoor was found on some infected machines. It is a very simple
one and is very easy to detect. It opens a password-protected backdoor and
lets you execute commands through a shell (/bin/sh). When the backdoor
starts, it hides itself in the background as a bash shell (-bash 0n).
The default password is "app910h" and the welcome message (in the
backdoor) is "unlg's backd00r, enter whatever is necessary".
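
One way to check a Linux host for the process disguise described above. This is an added example, not part of RootCheck or of the original page. The SHELLS allow-list, the function names and the sample process entries in the test data are assumptions; only the "-bash 0n" title comes from the description.

```python
import os

# Indicator taken from the description above.
PROC_TITLE = "-bash 0n"          # name the backdoor shows in the process list
SHELLS = {"bash", "sh", "dash"}  # assumption: binaries allowed to call themselves bash

def classify(cmdline: bytes, exe: str):
    """Return a reason string if the process looks like ovas0n, else None."""
    # /proc/<pid>/cmdline separates arguments with NUL bytes; a rewritten
    # argv[0] may also hold the whole title, so normalise both to spaces.
    title = " ".join(cmdline.replace(b"\0", b" ").decode("latin-1").split())
    if title == PROC_TITLE:
        return "process title matches ovas0n"
    argv0 = title.split(" ", 1)[0] if title else ""
    claims_bash = argv0.lstrip("-").rsplit("/", 1)[-1] == "bash"
    exe_name = os.path.basename(exe.replace(" (deleted)", ""))
    if claims_bash and exe and exe_name not in SHELLS:
        return "claims to be bash but runs " + exe
    return None

def scan(procs):
    """procs: iterable of (pid, cmdline bytes, exe path). Returns suspects."""
    hits = []
    for pid, cmdline, exe in procs:
        reason = classify(cmdline, exe)
        if reason:
            hits.append((pid, reason))
    return hits

def live_processes(root="/proc"):
    """Yield (pid, cmdline, exe) for every readable process on a Linux host."""
    for name in os.listdir(root):
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(root, name, "cmdline"), "rb") as fh:
                cmdline = fh.read()
            exe = os.readlink(os.path.join(root, name, "exe"))
        except OSError:
            continue  # process exited or we lack permission to read it
        yield int(name), cmdline, exe

if __name__ == "__main__":
    for pid, reason in scan(live_processes()):
        print(f"pid {pid}: {reason}")
```

Run it as root so that /proc/<pid>/exe is readable for every process. A hit on the second rule alone only means a non-shell binary is calling itself bash and needs a manual look.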


Download: ovason.c 43ff0cfc1b7dce9d3e4729fe7d1659a3

Files to search:


Open ports used by ovas0n:



*All files marked with an "*" need to be searched for across the whole system.
**If you have any more information, send it to: mail1 or mail2.





$RootCheck: ovason.php ,v 1.0 2003/10/16, Daniel B. Cid$