Re: libcbtsysinfo in /home/user

[Jeff D <fixedored@gmail.com>]

On Fri, 27 Jul 2007, Magnus Pedersen wrote:

> Douglas Allan Tutty wrote:
> > On Fri, Jul 27, 2007 at 10:38:46PM +0200, Magnus Pedersen wrote:
> >  >
> > > > What is the timestamp of the file?  What were you doing then?
> > > The file is from the 24th of this month, where the computer was off, so 
> > > that is no help, unfortunately :-/ And the new directory showed up today.
> > >
> > > Yes, there is a user "magnus" thats me, the directory showed up in my 
> > > homedirectory, sorry I could have been a bit more clear about that.
> > >
> > > I'm upgrading iceweasel to 2.0.0.5 right now, have been running the one 
> > > from testing (2.0.0.3) just in case it is a securityhole in the browser 
> > > (not at all sure it is).
> >
> > The fact that a file got touched so that it appears to have been created
> > while it was off raises all kinds of red flags.  If it was a security
> > hole in a browser, you have no guarantee that replacing the browser will
> > fix the problem.  You may have malware running amok now. 
> > Doug.
> I know, there is nothing suspect in top though, it seems that it is only this 
> one useraccount that is affected. There are no weird directories in the other 
> accounts or in otherplaces on the system.
>
> /Magnus
>
>
> --

lsof might be of some help. but, if your system has been compromised, you 
can't really trust any of your binaries to tell you the truth anyway.

-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.