LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-17-2005, 10:45 AM   #1
bleunuit
LQ Newbie
 
Registered: May 2004
Posts: 18

Rep: Reputation: 0
Possible rootkit?


Hello,

I was recently checking for suspicious activity on my mail server and found 5 rather large files, (roughly 300 meg each) in my /var directory. They have an old timestamp but I do not remember seeing them before.

The only text inside of these files is ioutbkuytbv over and over with newlines.

Is this some form of rootkit script kiddy crap? Has anyone else seen this before?

thanks
-bleunuit
 
Old 05-17-2005, 12:35 PM   #2
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 50
What was the name of the file? Google for the name and content, maybe you will find something.
Check with rkhunter if it can detect any rootkits. If you do find information about this, you should post it and share it with us.

Last edited by Ephracis; 05-17-2005 at 12:40 PM.
 
Old 05-17-2005, 12:49 PM   #3
bleunuit
LQ Newbie
 
Registered: May 2004
Posts: 18

Original Poster
Rep: Reputation: 0
The files have numeric names, 1 -> 5, with timestamps dating back to oct. 11 2004.

Its very very strange how these files appeared here. I've googled the content of these files, but the search revealed nothing.

If I find out anthing I will most definitly share the information.
 
Old 05-17-2005, 11:44 PM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
So the files, entirely, are /var/1 /var/2 /var/3 /var/4 /var/5?
 
Old 05-18-2005, 03:21 PM   #5
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 50
To me it does not really sound as a rootkit, more like some program that has run amok. Who is the owner of the files? What are the permissions?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
where can I get rootkit ?? iamthewind Linux - Security 21 05-04-2008 01:57 PM
rootkit? basilogics Linux - Software 2 08-19-2005 08:16 AM
rootkit: infected??? help synaptical Linux - Security 4 05-16-2005 07:11 PM
rootkit? linuxtesting2 Linux - Security 3 12-06-2004 08:43 AM
irssi with a rootkit _LR_ Linux - Networking 5 05-30-2002 04:38 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration