Re: LKM Trojan installed
From: terry white (twhite@aniota.com)
Date: 02/08/03
- Previous message: Nathan Yocom: "Re: LKM Trojan installed"
- In reply to: Craig Holmes: "Re: LKM Trojan installed"
- Next in thread: Brian Hatch: "Re: LKM Trojan installed"
- Reply: Brian Hatch: "Re: LKM Trojan installed"
- Reply: Shawn M. Jones: "Re: LKM Trojan installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 8 Feb 2003 01:04:02 -0800 (PST) From: terry white <twhite@aniota.com> To: focus-linux <focus-linux@lists.securityfocus.com>
on "2-7-2003" "Craig Holmes" writ:
: On February 7, 2003 07:41 am, Rivanor P. Soares wrote:
: > Checking `lkm'... You have 69 process hidden for ps command
: > Warning: Possible LKM Trojan installed
: > Could this be *true* ? How can I discover it?
: If this is true, then your 'ps' binary has been replaced with one that filters
: certain processes from your viewing.
: The best, easiest method to determine if this is true,
... i created a directory, copied 'ps' et al to it, and used chattr on
them. having a known good binary outside $PATH is something of a comfort
...
--
... i'm a man, but i can change,
if i have to , i guess ...
- Next message: Chris Travers: "IPTables stops logging after long uptime"
- Previous message: Nathan Yocom: "Re: LKM Trojan installed"
- In reply to: Craig Holmes: "Re: LKM Trojan installed"
- Next in thread: Brian Hatch: "Re: LKM Trojan installed"
- Reply: Brian Hatch: "Re: LKM Trojan installed"
- Reply: Shawn M. Jones: "Re: LKM Trojan installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
