Re: rkhunter message

To: debian-curiosa@lists.debian.org
Subject: Re: rkhunter message
From: Alberto Gonzalez Iniesta <agi@inittab.org>
Date: Tue, 6 Oct 2009 11:48:39 +0200
Message-id: <20091006094839.GB5064@var.inittab.org>
Mail-followup-to: debian-curiosa@lists.debian.org

On Mon, Oct 05, 2009 at 05:09:16PM -0400, Fooo Barrrrrrrr wrote:
> I got this from the rkhunter cron job today ( never seen it before, or the 
> files listed):
> Warning: Suspicious file types found in /dev:
>          /dev/shm/mono-shared-1000-shared_fileshare-fooooobaarrr.homelinux.org-Linux-i686-36-12-0: 
> data
>          /dev/shm/mono-shared-1000-shared_data-fooooobarrrr.homelinux.org-Linux-i686-312-12-0: 
> data
>          /dev/shm/mono.17997: data
> 
> 
> :/dev/shm# ls -l
> total 8
> -rw-r----- 1 pbc pbc    4096 2009-10-04 13:11 mono.17997
> -rw-r----- 1 pbc pbc   79880 2009-10-04 13:11 
> mono-shared-1000-shared_data-foooobarrrrr.homelinux.org-Linux-i686-312-12-0
> -rw-r----- 1 pbc pbc 3686404 2009-10-04 13:11 
> mono-shared-1000-shared_fileshare-fooooobarrrr.homelinux.org-Linux-i686-36-12-0
> 
> 
> should I be worried?
> running lenny, updated..

I would definitely be worried! It's not a worm, not a Trojan, it's not a
rootkit,... it looks like .....you are.... running..... MONO!! ZOMG!!



(File and submitter names obfuscated since this is just a (scary) joke).
-- 
Alberto Gonzalez Iniesta    | Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3

Reply to:

Prev by Date: Re: Revisited: The Big Swirl Umbrella
Next by Date: Re: Revisited: The Big Swirl Umbrella
Previous by thread: Re: Bug#548335: marked as done (base-files: include CC-BY-3.0 licenses in common-licenses)
Next by thread: Re: Bug#551123: ITP: echinus -- lightweight tiling window manager
Index(es):
- Date
- Thread