solution: 2.4.18 fork & defunct child.
From: Keith Whyte
Date: Wed Nov 19 2003 - 21:45:29 EST
Folks thanks to everyone who helped me out with this, I just found the
file 982235016-gtkrc-429249277 in /tmp
It kept reappearing as it tried to rm * -r in /tmp and
a quick google search led me to find out where it came from.
A few weeks ago i installed a binary that i got from a friends machine,
and i just checked his machine. It has the trojan also. that explains a
lot. It was a realserver binary (no longer available for d/l)and i ran
it once as root as it likes to listen on port 554, before I changed that
config and set up a user to run it. aggh. so easy to let something slip
through. never trust binaries... no matter where they come from.
Keith.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/