Re: LKM Trojan installed
From: Cal Peake (bugtraq@absolutedigital.net)
Date: 02/08/03
- Previous message: Zow: "Re: LKM Trojan installed"
- In reply to: Rivanor P. Soares: "LKM Trojan installed"
- Next in thread: Dragos Ruiu: "Re: LKM Trojan installed"
- Reply: Dragos Ruiu: "Re: LKM Trojan installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 7 Feb 2003 19:27:23 -0500 (EST) From: Cal Peake <bugtraq@absolutedigital.net> To: "Rivanor P. Soares" <rivanor@bol.com.br>
> While running 'chkrootkit' at my box (RH 7.3) I saw the following:
>
> Checking `lkm'... You have 69 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> Could this be *true* ? How can I discover it?
Rivanor,
I know that RH patches their ps command to hide threads. If you're running
a multi-threaded process (such as coldfusion) it very well could be why
you're getting this warning.
-Cal
- Next message: Bruce Garlock: "Re: LKM Trojan installed"
- Previous message: Zow: "Re: LKM Trojan installed"
- In reply to: Rivanor P. Soares: "LKM Trojan installed"
- Next in thread: Dragos Ruiu: "Re: LKM Trojan installed"
- Reply: Dragos Ruiu: "Re: LKM Trojan installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
