Gentoo Archives: gentoo-security

From: Karl Hiramoto <karl@××××××××.org>
To: gentoo-security@l.g.o
Cc: whereislibertyandjustice@×××××××××.net
Subject: Re: [gentoo-security] gmonstart / jvregisterclasses in tons of binaries with commands,malware?
Date: Thu, 17 Dec 2009 06:17:08
Message-Id: 4B29C90E.6060506@hiramoto.org
In Reply to: [gentoo-security] gmonstart / jvregisterclasses in tons of binaries with commands,malware? by whereislibertyandjustice@Safe-mail.net
On 12/17/09 03:06, whereislibertyandjustice@×××××××××.net wrote:
> In linux binaries, in any linux distro, I've discovered the same strings
> which I believe may be due to a virus or trojan.
>
> Yet, clamav, rkhunter, chkrootkit do not detect abnormalities.
>
> Whether I run 'strings' on the binary files or view with vim or gedit, here
> is what is always seen inside the binaries:
>
>
> __gmon_start__
> _Jv_RegisterClasses
>
> Followed by commands which differ within each binary.
>
Can you give an example of what commands you are talking about?

__gmon_start is part of a normal glibc
http://repo.or.cz/w/glibc.git/blob/HEAD:/csu/gmon-start.c#l60

Almost every gcc compiled dynamically linked binary contains references to
_Jv_RegisterClasses.

--
Karl Hiramoto
http://karl.hiramoto.org/
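
An added example, not part of the original message or of glibc: a small Python decoder for the ELF dynamic symbol table (`.dynsym`) and its string table (`.dynstr`), showing how names such as `__gmon_start__` and `_Jv_RegisterClasses` sit there as weak, undefined symbol references next to the other names `strings` prints. The tables are constructed sample data for a 64-bit little-endian binary, and the function names are hypothetical.

```python
import struct

# Elf64_Sym: st_name, st_info, st_other, st_shndx, st_value, st_size (24 bytes)
SYM = struct.Struct("<IBBHQQ")
BIND = {0: "LOCAL", 1: "GLOBAL", 2: "WEAK"}
TYPE = {0: "NOTYPE", 1: "OBJECT", 2: "FUNC"}

def parse_dynsym(dynsym, dynstr):
    """Decode .dynsym entries, resolving each name through .dynstr."""
    if len(dynsym) % SYM.size:
        raise ValueError("truncated .dynsym")
    symbols = []
    for off in range(SYM.size, len(dynsym), SYM.size):  # entry 0 is the null symbol
        st_name, st_info, _, st_shndx, _, _ = SYM.unpack_from(dynsym, off)
        end = dynstr.find(b"\0", st_name)
        if st_name >= len(dynstr) or end < 0:
            raise ValueError("st_name points outside .dynstr")
        symbols.append({
            "name": dynstr[st_name:end].decode("ascii"),
            "bind": BIND.get(st_info >> 4, "OTHER"),
            "type": TYPE.get(st_info & 0xF, "OTHER"),
            "defined": st_shndx != 0,  # SHN_UNDEF (0): resolved at load time
        })
    return symbols

def explain_strings(dynsym, dynstr):
    """Label each NUL-terminated string stored in .dynstr."""
    by_name = {s["name"]: s for s in parse_dynsym(dynsym, dynstr)}
    labels = {}
    for raw in filter(None, dynstr.split(b"\0")):
        s = by_name.get(raw.decode("ascii"))
        labels[raw.decode("ascii")] = (
            f'{s["bind"]} {s["type"]} {"defined" if s["defined"] else "undefined"}'
            if s else "not a symbol (e.g. a needed library name)")
    return labels

def build_sample():
    """Constructed tables imitating a small dynamically linked program."""
    dynstr, offs = b"\0", {}
    for name in (b"__gmon_start__", b"_Jv_RegisterClasses", b"puts", b"libc.so.6"):
        offs[name] = len(dynstr)
        dynstr += name + b"\0"
    dynsym = SYM.pack(0, 0, 0, 0, 0, 0)
    dynsym += SYM.pack(offs[b"__gmon_start__"], 0x20, 0, 0, 0, 0)       # WEAK NOTYPE UND
    dynsym += SYM.pack(offs[b"_Jv_RegisterClasses"], 0x20, 0, 0, 0, 0)  # WEAK NOTYPE UND
    dynsym += SYM.pack(offs[b"puts"], 0x12, 0, 0, 0, 0)                 # GLOBAL FUNC UND
    return dynsym, dynstr

if __name__ == "__main__":
    for text, label in explain_strings(*build_sample()).items():
        print(f"{text:22} {label}")
```

On a real binary, `readelf --dyn-syms` gives the same view of the dynamic symbol table.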