Cryptic filenames in / of FC7T1
Bernd Bartmann
bernd.bartmann at gmail.com
Sat Feb 3 21:30:39 UTC 2007
On 2/3/07, Jesse Keating <jkeating at redhat.com> wrote:
> On Saturday 03 February 2007 16:08, Bernd Bartmann wrote:
> > I've found some cryptic named files in under / in FC7T1:
> >
> > a-7QeJ
> > HXv5pB
> > xI6TYx
> > Zgu_vF
> >
> > All files are 4 bytes long and contain "blat". Where do they come from?
>
> So... this doesn't sound so good.
>
> Are they in / or in a subdirectory.
They are directly under /.
> Who owns the files?
>
> What are the timestamps on the files?
-rw------- 1 root root 4 3. Feb 20:49 a-7QeJ
-rw------- 1 root root 4 3. Feb 22:22 h6fs6y
-rw------- 1 root root 4 3. Feb 22:22 HOB-pX
-rw------- 1 root root 4 3. Feb 21:01 HXv5pB
-rw------- 1 root root 4 3. Feb 21:01 xI6TYx
-rw------- 1 root root 4 3. Feb 20:49 Zgu_vF
> When was the last time you walked away while logged in?
> Are you still connected to the network?
> Have you seen a jump in your traffic?
Your question seems to suggest some kind of malware!? This is
certainly not the case.
I more suspect some of the init scripts redirecting output where it
shouldn't. The system is a freshly installed FC7T1 + some reboots. No
one besides myself has access to the system.
Best regards,
Bernd.
More information about the fedora-devel-list
mailing list