[plug] Possible LKM Trojan?
Rob Davies
rob at ftp.rjdarts.com
Wed Dec 3 09:30:39 WST 2003
Mornin Chris,
Here is a link from the Debian investigation report released last night.
HTH
http://www.wiggy.net/debian/developer-securing/
The link to full report
On Wed, 2003-12-03 at 09:11, Chris Caston wrote:
> Hello,
>
> I have just run chkrootkit (for the first time) and got a message saying
> that I may have an LKM Trojan installed:
>
> Checking 'lkm'... You have 9 processes hidden for readdir command
>
> You have 9 process hidden for ps command
> Warning possible LKM trojan installed.
>
> Anyone know how to check for this?
>
> I've just updated and started running ClamAV (clamscan --recursive)
> from the root directory. I'll post back if it finds anything.
>
> Oh and does LKM stand for Linux Kernel Module?
>
> thanks,
>
> Chris Caston
>
> _______________________________________________
> plug mailing list
> plug at plug.linux.org.au
> http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
More information about the plug
mailing list