Re: z2 (??!)
In message <Pine.LNX.3.96.970330174233.155D-100000@Starlight.trendline.co.il> you write:
| Hi,
|
|I noticed my machine was kinda lagging without anything major running, and
|top found a nice process called 'z2' running. Of course I killed it pretty
|fast. Then I searched for a file called 'z2'. It was hidden in
|/usr/include/sys/.? or something, along with all kindsa other goodies
|(rlogind, passwd, syslogd etc), and a file called "l2.tar", owned by 'lp'.
|
|Of course, all of these have been removed/disabled, no more than an hour
|after they were first uploaded.
|
|This is obviously a hack-attempt, I wonder if anyone knows anything about
|it.
Hey! Thanks for the tip. Just found such files on one of my machines
too. In my case under /usr/X11R6/lib/X11/app-defaults/.. /.^G (that's
a space after the '..'). Will try to run trace(1) on the files there
and see what they do.
Better run a find to look for any file with weird names.
Cheers,
--Amos
--Amos Shapira | "Of course Australia was marked for
133 Shlomo Ben-Yosef st. | glory, for its people had been chosen
Jerusalem 93 805 | by the finest judges in England."
ISRAEL amos@dsi.co.il | -- Anonymous
References:
- z2 (??!)
- From: Yaron <yaron@starlight.trendline.co.il>
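
Added example, not part of the original messages: a Python version of the "find files with weird names" sweep suggested in the reply, flagging names such as the `.. ` (dot-dot-space) and `.^G` directories described in the thread. The function names, reason strings and the sample tree are constructed for illustration.

```python
import os
import tempfile
import unicodedata

def odd_name_reasons(name):
    """Return the reasons a file or directory name looks deliberately hidden."""
    reasons = []
    if any(unicodedata.category(ch) == "Cc" for ch in name):
        reasons.append("control character")
    if name != name.strip():
        reasons.append("leading/trailing whitespace")
    # Drop whitespace and control characters; if only dots remain, the name
    # is easy to mistake for '.' or '..' in a plain ls listing.
    visible = "".join(ch for ch in name
                      if not ch.isspace() and unicodedata.category(ch) != "Cc")
    if name not in (".", "..") and set(visible) <= {"."}:
        reasons.append("only dots and invisible characters")
    return reasons

def scan(root):
    """Walk root (without following symlinks) and list (path, reasons) pairs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in dirnames + filenames:
            reasons = odd_name_reasons(name)
            if reasons:
                findings.append((os.path.join(dirpath, name), reasons))
    return findings

if __name__ == "__main__":
    # Constructed sample tree mirroring the layout described in the thread.
    with tempfile.TemporaryDirectory() as root:
        hidden = os.path.join(root, "app-defaults", ".. ", ".\x07")
        os.makedirs(hidden)
        open(os.path.join(hidden, "z2"), "w").close()
        open(os.path.join(root, "app-defaults", "XTerm"), "w").close()
        for path, reasons in scan(root):
            # repr() keeps control characters from reaching the terminal raw.
            print(repr(os.path.relpath(path, root)), "->", ", ".join(reasons))
```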