| 1 |
On 12/17/09 03:06, whereislibertyandjustice@×××××××××.net wrote: |
| 2 |
> In linux binaries, in any linux distro, I've discovered the same strings |
| 3 |
> which I believe may be due to a virus or trojan. |
| 4 |
> |
| 5 |
> Yet, clamav, rkhunter, chkrootkit do not detect abnormalities. |
| 6 |
> |
| 7 |
> Whether I run 'strings' on the binary files or view with vim or gedit, here |
| 8 |
> is what is always seen inside the binaries: |
| 9 |
> |
| 10 |
> |
| 11 |
> __gmon_start__ |
| 12 |
> _Jv_RegisterClasses |
| 13 |
> |
| 14 |
> Followed by commands which differ within each binary. |
| 15 |
> |
| 16 |
Can you give an example of what commands you are talking about? |
| 17 |
|
| 18 |
__gmon_start is part of a normal glibc |
| 19 |
http://repo.or.cz/w/glibc.git/blob/HEAD:/csu/gmon-start.c#l60 |
| 20 |
|
| 21 |
Almost every gcc compiled dynamicly linked binary contains references to |
| 22 |
_Jv_RegisterClasse. |
| 23 |
|
| 24 |
-- |
| 25 |
|
| 26 |
-- |
| 27 |
Karl Hiramoto http://karl.hiramoto.org/ |
Archives