[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Cryptic filenames in / of FC7T1



On 2/3/07, Jesse Keating <jkeating redhat com> wrote:
On Saturday 03 February 2007 16:08, Bernd Bartmann wrote:
> I've found some cryptic named files in under / in FC7T1:
>
> a-7QeJ
> HXv5pB
> xI6TYx
> Zgu_vF
>
> All files are 4 bytes long and contain "blat". Where do they come from?

So... this doesn't sound so good.

Are they in / or in a subdirectory.

They are directly under /.

Who owns the files?

What are the timestamps on the files?

-rw-------   1 root root     4  3. Feb 20:49 a-7QeJ
-rw-------   1 root root     4  3. Feb 22:22 h6fs6y
-rw-------   1 root root     4  3. Feb 22:22 HOB-pX
-rw-------   1 root root     4  3. Feb 21:01 HXv5pB
-rw-------   1 root root     4  3. Feb 21:01 xI6TYx
-rw-------   1 root root     4  3. Feb 20:49 Zgu_vF

When was the last time you walked away while logged in?
Are you still connected to the network?
Have you seen a jump in your traffic?

Your question seems to suggest some kind of malware!? This is
certainly not the case.
I more suspect some of the init scripts redirecting output where it
shouldn't. The system is a freshly installed FC7T1 + some reboots. No
one besides myself has access to the system.

Best regards,
Bernd.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]