On 2/3/07, Jesse Keating <jkeating(a)redhat.com> wrote:
On Saturday 03 February 2007 16:08, Bernd Bartmann wrote:
> I've found some cryptic named files in under / in FC7T1:
>
> a-7QeJ
> HXv5pB
> xI6TYx
> Zgu_vF
>
> All files are 4 bytes long and contain "blat". Where do they come from?
So... this doesn't sound so good.
Are they in / or in a subdirectory.
They are directly under /.
Who owns the files?
What are the timestamps on the files?
-rw------- 1 root root 4 3. Feb 20:49 a-7QeJ
-rw------- 1 root root 4 3. Feb 22:22 h6fs6y
-rw------- 1 root root 4 3. Feb 22:22 HOB-pX
-rw------- 1 root root 4 3. Feb 21:01 HXv5pB
-rw------- 1 root root 4 3. Feb 21:01 xI6TYx
-rw------- 1 root root 4 3. Feb 20:49 Zgu_vF
When was the last time you walked away while logged in?
Are you still connected to the network?
Have you seen a jump in your traffic?
Your question seems to suggest some kind of malware!? This is
certainly not the case.
I more suspect some of the init scripts redirecting output where it
shouldn't. The system is a freshly installed FC7T1 + some reboots. No
one besides myself has access to the system.
Best regards,
Bernd.