Where are those files created

To: debian-user@lists.debian.org
Subject: Where are those files created
From: Chris <chris2014@postbox.xyz>
Date: Tue, 20 Jan 2015 06:05:40 +0100
Message-id: <[🔎] 54BDE224.8020508@postbox.xyz>
In-reply-to: <[🔎] 20150106180456.GA8657@fever.havannah.local>
References: <[🔎] 20150106180456.GA8657@fever.havannah.local>

Danny,

On 01/06/2015 07:04 PM, Danny wrote:
> ########################################################## 
> -rwxr-xr-x 1 root root  648K Dec 11 17:17 /boot/dippqejwvf 
> ##########################################################

could you narrow down, where those strange files are created?

Were there any suspicious cronjobs?

Does anyone know any kind of trojan that acts like that?

Obviously, the attacker got root permissions either way, otherwise he
couldn't place those files in /boot.

I think it's an interesting discussions, since linux malware is rather
rare, at least compared to windows viruses.

I'm interested if this is taking place thoroughly in user space or if
there are any kernel modifications.

TIA!

-- 
Gruß,
Christian

Reply to:

References:
- Have I been hacked?
  - From: Danny <mynixmail@gmail.com>

Prev by Date: Re: typescript of terminal session
Next by Date: Re: Apache or Radius crash
Previous by thread: Re: Have I been hacked?
Next by thread: Hard Drive Issues - smartmontools
Index(es):
- Date
- Thread