trojaned SSHD ?

From: Karthik Krishnamurthy (karthik.k@extremix.net)
Date: 09/21/01


Date: Fri, 21 Sep 2001 06:16:33 +0530
From: Karthik Krishnamurthy <karthik.k@extremix.net>
To: FOCUS-SUN@securityfocus.com
Subject: trojaned SSHD ?
Message-ID: <20010921061633.B1664@graf-spee.hn.extremix.net>

Hullo list,
        Saw this recently on a SunOS 2.6 running sshd version 1.2.26 [sparc-sun-solaris2.6]

        output of strings /usr/local/sbin/sshd | more

        snip

        ...skipping
        ls -alni /tmp/. 2>/dev/null
        w 2>/dev/null
        netstat -s 2>/dev/null
        netstat -an 2>/dev/null
        netstat -in 2>/dev/null
        /dev/random
        
        
        Looks very suspicious. Anybody else seen something like this?

Karthik