Where are those files created
Danny,
On 01/06/2015 07:04 PM, Danny wrote:
> ##########################################################
> -rwxr-xr-x 1 root root 648K Dec 11 17:17 /boot/dippqejwvf
> ##########################################################
could you narrow down, where those strange files are created?
Were there any suspicious cronjobs?
Does anyone know any kind of trojan that acts like that?
Obviously, the attacker got root permissions either way, otherwise he
couldn't place those files in /boot.
I think it's an interesting discussions, since linux malware is rather
rare, at least compared to windows viruses.
I'm interested if this is taking place thoroughly in user space or if
there are any kernel modifications.
TIA!
--
Gruß,
Christian
Reply to: