Re: LKM Trojan installed
From: Dragos Ruiu (dr@kyx.net)
Date: 02/08/03
- Previous message: Shawn M. Jones: "Re: LKM Trojan installed"
- In reply to: Cal Peake: "Re: LKM Trojan installed"
- Next in thread: Bruce Garlock: "Re: LKM Trojan installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Dragos Ruiu <dr@kyx.net> To: Cal Peake <bugtraq@absolutedigital.net>, "Rivanor P. Soares" <rivanor@bol.com.br> Date: Sat, 8 Feb 2003 11:33:36 +0000
On February 8, 2003 12:27 am, Cal Peake wrote:
> > While running 'chkrootkit' at my box (RH 7.3) I saw the following:
> >
> > Checking `lkm'... You have 69 process hidden for ps command
> > Warning: Possible LKM Trojan installed
> >
> > Could this be *true* ? How can I discover it?
>
> Rivanor,
>
> I know that RH patches their ps command to hide threads. If you're running
> a multi-threaded process (such as coldfusion) it very well could be why
> you're getting this warning.
_process_ threads
-- dr@kyx.net pgp: http://dragos.com/ kyxpgp http://cansecwest.com
- Next message: Richard Dicaire: "Re: IPTables stops logging after long uptime"
- Previous message: Shawn M. Jones: "Re: LKM Trojan installed"
- In reply to: Cal Peake: "Re: LKM Trojan installed"
- Next in thread: Bruce Garlock: "Re: LKM Trojan installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
