sounds like a rootkit On Wed, Jul 27, 2011 at 9:37 AM, Roar Thronæs <ro...@nvg.ntnu.no> wrote:
> Hi > > I'm sure this lib does not originate from debian, but have anyone seen it > in their system? (Found it in one of mine) > > It is loaded with ld.so.preload. > > Interesting finds with nm -D > 00000d34 T accept > 00000ded T read > 00001188 B real_accept > 00001184 B real_read > U execl > U exit > U fork > > And with strings: > HISTFILE=/dev/null > /bin/sh > /bin/bash > > Md5sum 66be3040457da0b9b9ebe767ca6bd76f /tmp/libaux.so.1 > > I found no useful google hits for it, but I think I should have. > > Is this one known, presumably by some other name? > Does anyone want it to look at? > > -- > Regards, > -Roar Thronæs > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: > http://lists.debian.org/20110727133724.ga8...@sabre-wulf.nvg.ntnu.no > >
