  1. #1

    Malicious Script or Not? Oxygen.o2?

    Hello guys,

    Does anybody know a script called "Oxygen.o2" or something like this? We recently found this on one of our client VPSes and don't know what it does.

    /vz/root/145/home/lib/oxygen_kessel5
    /vz/root/145/home/lib/oxygen_kessel5/bin
    /vz/root/145/home/lib/oxygen_kessel5/conf
    /vz/root/145/home/lib/oxygen_kessel5/data
    /vz/root/145/home/lib/oxygen_kessel5/www
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_base.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_bb.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_bl.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_cfg.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_ch.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_ctl.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_dbi.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_dm.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_feeds.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_hp.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_ipc.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_jr.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_log.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_rs.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_sockets.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_version.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_wd.pyo
    /vz/root/145/home/lib/oxygen_kessel5/bin/oxygen_zip.pyo
    /vz/root/145/home/lib/oxygen_kessel5/conf/BlackList.o2
    /vz/root/145/home/lib/oxygen_kessel5/conf/BlackList.o2.lock
    /vz/root/145/home/lib/oxygen_kessel5/conf/DomainConfig.o2
    /vz/root/145/home/lib/oxygen_kessel5/conf/DomainConfig.o2.lock
    /vz/root/145/home/lib/oxygen_kessel5/conf/IpConfig.o2
    /vz/root/145/home/lib/oxygen_kessel5/conf/Ipconfig.o2
    /vz/root/145/home/lib/oxygen_kessel5/conf/Ipconfig.o2.lock
    /vz/root/145/home/lib/oxygen_kessel5/conf/LinkConfig.o2
    /vz/root/145/home/lib/oxygen_kessel5/conf/LinkConfig.o2.lock
    /vz/root/145/home/lib/oxygen_kessel5/conf/magic_dict.txt
    /vz/root/145/home/lib/oxygen_kessel5/conf/names_dict.txt
    /vz/root/145/home/lib/oxygen_kessel5/conf/oxygen_hp.o2s
    /vz/root/145/home/lib/oxygen_kessel5/conf/oxygenr.conf
    /vz/root/145/home/lib/oxygen_kessel5/conf/oxygenr.crt
    /vz/root/145/home/lib/oxygen_kessel5/conf/oxygenr.key
    /vz/root/145/home/lib/oxygen_kessel5/data/drop_cache

    Has anybody seen it?

    Thanks,
    Andrew.

  2. #2
    Have you tried doing a strace/truss on the process that is running on your server?

  3. #3
    I don't think it's malicious, and it looks like this might give some info on it.

    http://download.cnet.com/Oxygen-O2/3...-10186139.html

    To my knowledge this can be installed on Linux...

  4. #4
    Thanks for the hints on this, guys, will check those out...

    Just two files are particularly worrying us:

    /vz/root/145/home/lib/oxygen_kessel5/conf/magic_dict.txt
    /vz/root/145/home/lib/oxygen_kessel5/conf/names_dict.txt

    They contain dictionary-like usernames and passwords...
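
A static first look at compiled `.pyo` files like the ones listed in the thread, as an added example that is not part of any post: it reads the bytecode header to identify the Python version and source timestamp, then pulls out embedded strings without executing anything. The 8-byte header layout assumes Python 2 bytecode; the sample bytes, keyword list and function names are constructed for illustration.

```python
import re
import struct

# Python 2 bytecode magic numbers (first two header bytes, little-endian).
PY2_MAGIC = {62011: "2.3", 62061: "2.4", 62131: "2.5", 62161: "2.6", 62211: "2.7"}

# Illustrative keyword list (an assumption; tune it to the case at hand).
KEYWORDS = ("socket", "connect", "passw", "login", "ssh", "ftp", "dict")


def read_header(data):
    """Return (python_version, source_mtime) from an 8-byte Python 2 header."""
    if len(data) < 8 or data[2:4] != b"\r\n":
        raise ValueError("not a CPython bytecode header")
    # Layout: 2-byte magic, "\r\n", 4-byte mtime of the original .py source.
    magic, mtime = struct.unpack("<H2xI", data[:8])
    return PY2_MAGIC.get(magic, "unknown (magic %d)" % magic), mtime


def embedded_strings(data, min_len=5):
    """Printable ASCII runs in the body after the header; nothing is executed."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data[8:])]


def flagged_strings(data, keywords=KEYWORDS):
    """Embedded strings that contain any keyword, case-insensitively."""
    return [s for s in embedded_strings(data)
            if any(k in s.lower() for k in keywords)]


# Constructed sample: a Python 2.5 header followed by NUL-separated strings.
# It mimics the shape of a .pyo file but is not a real marshalled code object.
SAMPLE = (struct.pack("<H", 62131) + b"\r\n" + struct.pack("<I", 1200000000)
          + b"\x00".join([b"socket", b"names_dict.txt", b"hello world"]))

if __name__ == "__main__":
    version, mtime = read_header(SAMPLE)
    print("python", version, "source mtime", mtime)
    for s in flagged_strings(SAMPLE):
        print("flagged:", s)
```

To use it on a real file, read the bytes with `open(path, "rb").read()` on a copy taken off the affected VPS and pass them to the same functions.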
