Yep, checked it out on my server here at home, and there's a bunch of --MARK--'s
Now, what kind of processes su to root from user nobody. My server here at home has them as well, and I *know* that it can't have gotten hacked - internal network. That was the part that really had me worried. (Or is there still a possibility that I was hacked?)
What started it all was that just before I got my firewall up and running, I couldn't log on to the system through gdm. If I took it off the network and rebooted, everything was fine. So I made sure the firewall was online and changed my password to something long and difficult to crack (although, being on a T1 at work makes it kind of easy for someone with enough time). That fixed the problem, but I noticed this stuff from "nobody", even though nobody has a /bin/false login shell.