Gentoo Archives: gentoo-security

From: Ned Ludd <solar@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] gmonstart / jvregisterclasses in tons of binaries with commands,malware?
Date: Thu, 17 Dec 2009 12:03:36
Message-Id: 1261048490.5675.4.camel@localhost
In Reply to: [gentoo-security] gmonstart / jvregisterclasses in tons of binaries with commands,malware? by whereislibertyandjustice@Safe-mail.net
1 On Wed, 2009-12-16 at 21:06 -0500,
2 whereislibertyandjustice@×××××××××.net wrote:
3 > In linux binaries, in any linux distro, I've discovered the same strings
4 > which I believe may be due to a virus or trojan.
5 >
6 > Yet, clamav, rkhunter, chkrootkit do not detect abnormalities.
7 there is none. And I don't think any of the above mention tools actually
8 will dig as deep as symbols of an ELF.
9
10 > Whether I run 'strings' on the binary files or view with vim or gedit, here
11 > is what is always seen inside the binaries:
12 >
13 >
14 > __gmon_start__
15 > _Jv_RegisterClasses
16
17 These symbols are normal and nothing to really get over paranoid about.
18 Some years ago I had a patch for uClibc/gcc where I removed the _Jv_R..
19 weak symbol, but in the end it was not worth it.
20 There is no attack vector there.