Gentoo Linux -- List Archive: gentoo-security

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647

List Archive: gentoo-security

Navigation:

Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >

Headers:

To:	gentoo-security@g.o
From:	Karl Hiramoto <karl@...>
Subject:	Re: gmonstart / jvregisterclasses in tons of binaries with commands,malware?
Date:	Thu, 17 Dec 2009 07:00:46 +0100

On 12/17/09 03:06, whereislibertyandjustice@... wrote:
> In linux binaries, in any linux distro, I've discovered the same strings
> which I believe may be due to a virus or trojan.
>
> Yet, clamav, rkhunter, chkrootkit do not detect abnormalities.
>
> Whether I run 'strings' on the binary files or view with vim or gedit, here
> is what is always seen inside the binaries:
>
>
> __gmon_start__
> _Jv_RegisterClasses
>
> Followed by commands which differ within each binary.
>   
Can you give an example of what commands you are talking about?

__gmon_start is part of a normal glibc 
http://repo.or.cz/w/glibc.git/blob/HEAD:/csu/gmon-start.c#l60

Almost every gcc compiled dynamicly linked binary contains references to
_Jv_RegisterClasse.

-- 

--
Karl Hiramoto  http://karl.hiramoto.org/

References:

gmonstart / jvregisterclasses in tons of binaries with commands,malware?
-- whereislibertyandjustice

Navigation:

Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >

Previous by thread:

Re: gmonstart / jvregisterclasses in tons of binaries with commands,malware?

Next by thread:

Re: gmonstart / jvregisterclasses in tons of binaries with commands,malware?

Previous by date:

Re: gmonstart / jvregisterclasses in tons of binaries with commands,malware?

Next by date:

Re: gmonstart / jvregisterclasses in tons of binaries with commands,malware?

Updated May 10, 2012

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.