Bob Tanner <tanner at real-time.com> writes:

> We (at Real Time) are seeing evidence of Scalper and Slapper, so for your
> pleasure:
> 
> + chkrootkit-0.37-realtime.1
> - chklastlog.c fix; (thanks to Gerard van Wageningen)
> - chkproc.c improvements; (thanks to Morohoshi Akihiko, Kostya Kortchinsky 
>   and Aaron Sherman)
> - new rootkits detected:
>   o OpenBSD rk v1
>   o Illogic rootkit (thanks to Andrey Chernomyrdin)
>   o SK rootkit (thanks to Razvan Cosma)
> - new worms detected:
>   o Scalper (FreeBSD/Apache chunked encoding worm)
>   o Slapper (Apache/mod_ssl Worm)
> 
> Since gladiator is still syncing, the RPM will be available here:
> 
> http://www.tanners.org/~tanner/downloads/RPMS/

There's a bug in the chkrootkit script where it requires that the
chkproc executable be in the same directory the script is running in.
It isn't in a normal install from your rpm (unless you run chkrootkit
from /usr/bin).

And it says nothing is wrong with my system, which I'm nearly certain
is false (probably an LKM).  Key executables change over time, and
when a changed one is run extra processes are spawned.  And they
usually hang.  I think I've got a partial, failed, installation of
something on my server.  Bah, humbug.
-- 
David Dyer-Bennet, dd-b at dd-b.net  /  http://www.dd-b.net/dd-b/
 John Dyer-Bennet 1915-2002 Memorial Site http://john.dyer-bennet.net
	   Dragaera mailing lists, see http://dragaera.info