
Re: z2 (??!)



In message <Pine.LNX.3.96.970330174233.155D-100000@Starlight.trendline.co.il> you write:
|  Hi,
|
|I noticed my machine was kinda lagging without anything major running, and
|top found a nice process called 'z2' running. Of course I killed it pretty
|fast. Then I searched for a file called 'z2'. It was hidden in
|/usr/include/sys/.? or something, along with all kindsa other goodies
|(rlogind, passwd, syslogd etc), and a file called "l2.tar", owned by 'lp'.
|
|Of course, all of these have been removed/disabled, no more than an hour
|after they were first uploaded. 
|
|This is obviously a hack-attempt, I wonder if anyone knows anything about
|it.

Hey!  Thanks for the tip.  Just found such files on one of my machines
too.  In my case under /usr/X11R6/lib/X11/app-defaults/.. /.^G (that's
a space after the '..').  Will try to run trace(1) on the files there
and see what they do.

Better run a find to look for any file with weird names.

Cheers,

--Amos

--Amos Shapira                    | "Of course Australia was marked for
133 Shlomo Ben-Yosef st.          |  glory, for its people had been chosen
Jerusalem 93 805                  |  by the finest judges in England."
ISRAEL             amos@dsi.co.il |                     -- Anonymous
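
The find suggested above, as an added example that is not part of the original message: it lists entries whose names contain control characters, start with '. ' or '.. ', or end in a space, which covers the '.. ' directory and '.^G' file mentioned in the reply. The function name find_odd_names and the exact pattern set are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original message): list directory entries whose
# names are built to be overlooked in ls output, like the ".. " directory and
# the ".^G" file quoted in the thread. find_odd_names is a hypothetical name.
find_odd_names() {
    root=${1:-/}
    # Patterns, in order: any control byte in the name; a name that is a dot
    # or two dots followed by a space; any name ending in a space.
    # LC_ALL=C makes [[:cntrl:]] mean the ASCII control bytes.
    # -xdev keeps the scan on one filesystem.
    # -print0 plus tr keeps one entry per output line even if a name
    # contains a newline (it is shown as '?').
    LC_ALL=C find "$root" -xdev \( \
            -name '*[[:cntrl:]]*' -o \
            -name '. *' -o -name '.. *' -o \
            -name '* ' \
        \) -print0 2>/dev/null |
    LC_ALL=C tr '\n\000' '?\n' |
    cat -v |
    sed 's/.*/[&]/'
}
```

Call it as root on each filesystem of interest, for example `find_odd_names /usr`. Each hit is printed in brackets so a trailing space is visible, and control bytes appear in caret notation such as ^G.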

