It kept reappearing as it tried to rm * -r in /tmp and
a quick google search led me to find out where it came from.
A few weeks ago i installed a binary that i got from a friends machine, and i just checked his machine. It has the trojan also. that explains a lot. It was a realserver binary (no longer available for d/l)and i ran it once as root as it likes to listen on port 554, before I changed that config and set up a user to run it. aggh. so easy to let something slip through. never trust binaries... no matter where they come from.
Keith.
- : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
