[plug] Possible LKM Trojan?

Rob Davies rob at ftp.rjdarts.com
Wed Dec 3 09:30:39 WST 2003


Mornin Chris,

Here is a link from the Debian investigation report released last night.
HTH

http://www.wiggy.net/debian/developer-securing/

The link to full report
On Wed, 2003-12-03 at 09:11, Chris Caston wrote:
> Hello,
> 
> I have just run chkrootkit (for the first time) and got a message saying
> that I may have an LKM Trojan installed:
> 
> Checking 'lkm'... You have 	9 processes hidden for readdir command 
> 
> You have	9 process hidden for ps command
> Warning possible LKM trojan installed.
> 
> Anyone know how to check for this?
> 
> I've just updated and started running ClamAV (clamscan --recursive)
> from the root directory. I'll post back if it finds anything.
> 
> Oh and does LKM stand for Linux Kernel Module?
> 
> thanks,
> 
> Chris Caston
> 
> _______________________________________________
> plug mailing list
> plug at plug.linux.org.au
> http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug




More information about the plug mailing list