solution: 2.4.18 fork & defunct child.

From: Keith Whyte
Date: Wed Nov 19 2003 - 21:45:29 EST


Folks, thanks to everyone who helped me out with this. I just found the file 982235016-gtkrc-429249277 in /tmp.
It kept reappearing as it tried to rm * -r in /tmp, and
a quick Google search led me to find out where it came from.

A few weeks ago I installed a binary that I got from a friend's machine, and I just checked his machine. It has the trojan also. That explains a lot. It was a realserver binary (no longer available for d/l) and I ran it once as root, as it likes to listen on port 554, before I changed that config and set up a user to run it. Aggh. So easy to let something slip through. Never trust binaries... no matter where they come from.

Keith.

