The UNIX and Linux Forums  

12-15-2007
Hookups
Registered User
Join Date: Dec 2007
Posts: 2
Does anybody have a copy of the 'mount' binary which was on these systems? Even a copy from backup is fine. I honestly suspect a rootkit being involved in this issue as I have seen it before. Looks like a number of binaries are involved, mount being one of them (due to how early it is called during bootup).

If you do have a copy from these systems, I would recommend you examine the impacted systems from another good kernel and then look for the binaries. You should find the 'mount' binary, another mount binary with what looks like a hash string appended to the end of the name, and then another empty mount file with another hash appended to the name. This seems to be the indicator that the system truly is infected.

Please post the binary to this forum, or PM me if you can supply me with a copy for analysis. I am interested to know whether this is the same exact MD5 hash I found or not. I would really like to identify this particular rootkit and get some signatures out there so other people can find it more easily.
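The triage the post describes (examine the suspect disk from a known-good kernel, look for a `mount` binary plus hash-suffixed siblings, one of them empty, and compare the MD5 of the real binary against a trusted value) can be scripted. The following is an added example written for this thread, not code from the poster or from any rootkit-detection tool; the function names (`find_mount_variants`, `check_mount_md5`, `make_sample_bin`), the sample directory, its file names and the all-zero expected hash are constructed placeholders, and the "hash-looking suffix" pattern (optional separator followed by 8 or more hex characters) is an assumption about the naming the post describes.

```shell
#!/bin/sh
# Added example (not from the original post): defender-side triage for the
# "extra mount binaries" indicator described in the thread. Run it from a
# known-good environment (the suspect disk mounted under a clean kernel) and
# point it at the suspect bin directory. File names and hash values below are
# constructed placeholders, not real indicators.

# Print every file in DIR whose name is "mount" followed by a hash-looking
# suffix (optional . - or _ separator, then 8 or more hex characters).
# Output is "<size-in-bytes> <path>" so empty decoys stand out as size 0.
find_mount_variants() {
    dir=$1
    for f in "$dir"/mount*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        suffix=${name#mount}
        [ -n "$suffix" ] || continue            # skip the plain 'mount' itself
        if printf '%s' "$suffix" | grep -Eq '^[._-]?[0-9a-fA-F]{8,}$'; then
            size=$(wc -c < "$f" | tr -d ' ')
            printf '%s %s\n' "$size" "$f"
        fi
    done
}

# Compare the MD5 of FILE with EXPECTED (taken from package metadata or a
# trusted backup). Returns 0 on match, 1 on mismatch. Uses md5sum (GNU) or
# md5 (BSD/macOS), whichever is present.
check_mount_md5() {
    file=$1
    expected=$2
    if command -v md5sum >/dev/null 2>&1; then
        actual=$(md5sum "$file" | cut -d' ' -f1)
    else
        actual=$(md5 -q "$file")
    fi
    [ "$actual" = "$expected" ]
}

# Build a constructed sample directory that mimics the layout the post
# reports: the real binary, a hash-suffixed copy, and an empty decoy.
make_sample_bin() {
    d=$(mktemp -d)
    printf 'real mount program\n' > "$d/mount"
    cp "$d/mount" "$d/mount.a1b2c3d4e5f60718"      # second, hash-suffixed copy
    : > "$d/mount.ffeeddccbbaa9988"                # empty decoy with hash suffix
    printf 'unrelated\n' > "$d/umount"             # must not be reported
    printf '%s\n' "$d"
}

# Stand-alone run: list the variants, then verify the primary binary's hash.
main() {
    bin=$(make_sample_bin)
    echo "Hash-suffixed mount files under $bin:"
    find_mount_variants "$bin"
    # Placeholder expected hash; replace with the value from the vendor
    # package or a trusted backup of the same binary.
    if check_mount_md5 "$bin/mount" "00000000000000000000000000000000"; then
        echo "mount matches the trusted hash"
    else
        echo "mount does NOT match the trusted hash; treat the binary as suspect"
    fi
    rm -rf "$bin"
}

main
```

Against the constructed sample the variant listing reports two files (the hash-suffixed copy and the size-0 decoy) and ignores `umount`; in a real investigation the expected MD5 must come from package metadata or an offline backup, never from the suspect host's own tools.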