chkrootkit and LKM

To: debian-security@lists.debian.org
Subject: chkrootkit and LKM
From: IC0N <icon@icon.dyndns.org>
Date: Mon, 26 May 2003 15:27:05 +0200
Message-id: <20030526152705092164.GyazMail.icon@icon.dyndns.org>

Bonjour 

as Jacques Lavignotte <jaclavi@pollux.frmug.org> and Jens Schuessler
<jgs@trash.net> posted in their mails at 7th of March 2003 i have
exactly the same alert message using chkrootkit:

Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Warning: Possible LKM Trojan installed

Sometimes I get 2 or 3 processes, sometimes NONE

is there a plausible reason why there could be a hidden prozess?
hidden even for root? even if LKM is not installed? i did not find
any possible reason. i only know that i can also "reproduce" the
alert by installing debian on a brand new harddisk. i used debian
woody 3.0 with kernel 2.2 CD Image of 11th of december 2002.

greetings icon

Reply to:

Follow-Ups:
- Re: chkrootkit and LKM
  - From: Eric LeBlanc <inouk@igt.net>

Prev by Date: unsubscribe
Next by Date: Re: chkrootkit and LKM
Previous by thread: unsubscribe
Next by thread: Re: chkrootkit and LKM
Index(es):
- Date
- Thread