
Re: Is this a virus : "/tmp/orbit-<blabla>"



I wouldn't delete it just yet.
If you have got Apache collaborating with Tomcat and the servlets talk
with DBs somewhere on the network, then probably at some point we might
be considering CORBA or RMI or something like that...

"phil bluemidnight com" wrote:
> 
> I have this on one of my machines too -- /tmp/orbit-<username> -- I ran the
> rpm --whatrequires command below and got:
> 
> no package requires ORBit-0.5.7-3
> 
> Anyone have any other ideas? Should I just uninstall the package?
> 
> > From: Ward William E DLDN <wardwe navseadn navy mil>
> > Reply-To: redhat-list redhat com
> > Date: Fri, 27 Sep 2002 13:26:29 -0400
> > To: "'redhat-list redhat com'" <redhat-list redhat com>
> > Subject: RE: Is this a virus :  "/tmp/orbit-<blabla>"
> >
> > Gordon, while you're right that it's PROBABLY
> > ORBit (an Open Source CORBA implementation),
> > it seems to me whenever someone asks that question
> > the answer can NEVER be "No".  It's always got
> > to be "YES!", "Possibly" or "Probably not", since
> > most root kits are going to attempt to install
> > some service or device which masquerades as an
> > innocuous, or even required, program.  Without
> > looking directly at the box, without (for
> > example) tripwire information, without.... well,
> > you get the point.  Without all that stuff,
> > we can hazard a guess, but only Arthur can tell
> > for sure.
> >
> > In this case, though, this IS typical behavior
> > of ORBit; not everyone uses CORBA based programs,
> > so they don't necessarily have these files, but
> > once you start using CORBA based programs, ORBit
> > spits out lots of stuff like Arthur described.
> > He might be able to check RPM to see what he has
> > installed which required ORBit, and see if he's
> > using those programs.  In this case, perhaps
> > he should do an
> >
> > rpm -q ORBit | xargs rpm -q --whatrequires
> >
> > to see what he might be running that is doing this?
> >
> > Bill Ward
> >
> >> -----Original Message-----
> >> From: Gordon Messmer [mailto:yinyang eburg com]
> >> Sent: Friday, September 27, 2002 12:13 PM
> >> To: redhat-list redhat com
> >> Subject: Re: Is this a virus : "/tmp/orbit-<blabla>"
> >>
> >>
> >> On Fri, 2002-09-27 at 08:08, Arthur Chan wrote:
> >>> Hi All.
> >>> I have these strange sub-dirs in /tmp/orb-<username>
> >>> , and in these sub-dirs , hundreds of files names like this :
> >>> "srwxr-xr-x orb-29348673785".
> >>> In the /tmp directory itself, many hundreds of files with names
> >>> similar to this :  "file-fdhfgv878r"
> >>> Never seen them before, propagate faster than rabbits
> >>> Is this a virus ?
> >>
> >> No.  `rpm -qi ORBit`
> >
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> > https://listman.redhat.com/mailman/listinfo/redhat-list
> >
> 
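Added example, not part of the thread or of ORBit: a POSIX shell check that complements the `rpm` queries quoted above by inspecting the `orbit-<username>` directories themselves. The function name `audit_orbit_dirs` and its criteria (a real directory, owner matching the name suffix, not group/world writable, contents limited to sockets like the `srwxr-xr-x` entries described) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check orbit-<username> dirs.
# Assumption: a benign ORBit directory is a real directory named after its
# owner, not group/world writable, and holds only UNIX sockets.
# Prints one line per finding; returns 1 if anything looks off, else 0.
audit_orbit_dirs() {
    base=${1:-/tmp}
    bad=0
    for d in "$base"/orbit-*; do
        # Skip the unexpanded pattern when nothing matches.
        if [ ! -e "$d" ] && [ ! -L "$d" ]; then continue; fi
        if [ -L "$d" ] || [ ! -d "$d" ]; then
            echo "SUSPECT $d: not a real directory"
            bad=1
            continue
        fi
        want=${d##*/orbit-}                       # username the name claims
        meta=$(ls -ld "$d" | awk '{print $1, $3}')
        mode=${meta%% *}                          # e.g. drwx------
        owner=${meta##* }                         # actual owner
        if [ "$owner" != "$want" ]; then
            echo "SUSPECT $d: owned by $owner, name says $want"
            bad=1
        fi
        case $mode in
            ?????w*|????????w*)                   # group or world write bit
                echo "SUSPECT $d: group/world writable ($mode)"
                bad=1 ;;
        esac
        for f in "$d"/* "$d"/.[!.]*; do
            if [ ! -e "$f" ] && [ ! -L "$f" ]; then continue; fi
            if [ -L "$f" ] || [ ! -S "$f" ]; then
                echo "SUSPECT $f: not a socket"
                bad=1
            fi
        done
    done
    return "$bad"
}
```

Call it as `audit_orbit_dirs /tmp`; an empty result only means the directories match the assumed layout, so it is a first filter alongside package verification and file-integrity data rather than a verdict.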




