[lug] Discovering calling process

Scott A. Herod herod at interact-tv.com
Fri Dec 15 17:29:09 MST 2000


"D. Stimits" wrote:
> 
> "Scott A. Herod" wrote:
> >
> > To find out who was starting certain processes, I ended up
> > replacing everything that I wanted to know about with a script
> > that sent the output of 'ps -elf' to a /tmp and then
> > called the moved, actual process.  Turns out I had a modified
> > version of 'egrep'. :-(
> >
> > Things to learn:  Practice safe networking from the very
> > beginning, and get rid of the rpc Trojan Horse.
> >
> > Scott
> >
> 
> Do you think the egrep was a "malicious" modified version then? I'm
> curious as to where/how you believe it got on your system.
> 

Definitely yes based on other evidence.
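
The wrapper approach described in the quoted message, as an added example (not code from either poster): it records which process chain invoked a watched binary, then runs the moved original. Assumed here: the real binary was moved to `<path>.real`, Linux `/proc` is mounted, and records go to syslog via `logger` instead of a file in /tmp, so the wrapper works for any invoking user and has no predictable /tmp path.

```sh
#!/bin/sh
# Added example: caller-logging wrapper for a watched binary (e.g. egrep).
# Assumptions (not from the post): the real binary was moved to "<path>.real",
# Linux /proc is mounted, and records go to syslog via logger(1).

# Print one field ("Name" or "PPid") from /proc/<pid>/status.
status_field() {
    sed -n "s/^$2:[[:space:]]*//p" "/proc/$1/status" 2>/dev/null || :
}

# Print the ancestor chain of a PID, nearest first: "pid:name <- pid:name".
ancestry() {
    pid=$1
    chain=
    while [ "${pid:-0}" -gt 0 ] 2>/dev/null && [ -r "/proc/$pid/status" ]; do
        chain="$chain${chain:+ <- }$pid:$(status_field "$pid" Name)"
        pid=$(status_field "$pid" PPid)
    done
    printf '%s\n' "$chain"
}

# Build one log record for an invocation of target "$1" with the given args.
caller_record() {
    target=$1
    shift
    printf 'ts=%s uid=%s target=%s args=%s chain=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -u)" "$target" "$*" \
        "$(ancestry "$PPID")"
}

# Wrapper entry point: only acts when installed beside a "<name>.real" binary.
real="$0.real"
if [ -x "$real" ]; then
    caller_record "$0" "$@" | logger -t calltrace -p auth.notice 2>/dev/null || :
    exec "$real" "$@"
fi
```

Because the wrapper ends in `exec`, the original binary keeps the wrapper's PID and exit status, so callers see no behavioural difference.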



