Mailing List Archive



Re: [tlug] Keylogging software



scott writes:

 > Is there a way to detect this process if someone else has installed on
 > your machine? Will top pick it up?

Yes, unless they've also installed a hacked top.  You could try ps,
but they've probably hacked that too.  At this point you could do "cat
/proc/[0-9]*/cmdline | less", but they probably named the process
something like "apache2" and made it suid www-data.  Anyway, your
kernel's also probably been hacked and even /proc doesn't show the
process of that daemon.  Finally, your gcc has been replaced with
dmr-cc[1], so rebuilding from scratch won't help.

Sorry-I-can't-be-more-encouraging-ly y'rs,

Footnotes: 
[1]  Sorry, I don't have the URL offhand.  Dennis Ritchie's truly moby
hack of the Unix C compiler is such a famous story, though, somebody
must have it in their bookmarks.xml.
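
Added example, not part of the original message: a shell script for the cross-check the reply walks through, comparing the PIDs that ps reports with the numeric directories under /proc. It covers only the replaced-userland-tools case; as the reply says, a modified kernel can keep a process out of /proc too. The labels hidden-from-ps and missing-from-proc and the sample PIDs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): compare two views of the
# process table. A PID that one view shows and the other omits deserves
# a closer look. A compromised kernel defeats both views.
LC_ALL=C; export LC_ALL

# View 1: PIDs as reported by ps(1).
ps_pids() { ps -e -o pid= | tr -d ' ' | sort -u; }

# View 2: numeric directories under /proc, read without using ps.
proc_pids() {
    for d in /proc/[0-9]*; do
        [ -d "$d" ] && echo "${d#/proc/}"
    done | sort -u
}

# cross_view PS_FILE PROC_FILE: both files hold sorted PIDs, one per line.
cross_view() {
    comm -13 "$1" "$2" | sed 's/^/hidden-from-ps /'
    comm -23 "$1" "$2" | sed 's/^/missing-from-proc /'
}

# Live check. Processes that start or exit between the two snapshots
# look like discrepancies, so report only PIDs flagged in both passes.
live_check() {
    t=$(mktemp -d) || return 1
    for pass in 1 2; do
        ps_pids >"$t/ps"; proc_pids >"$t/proc"
        cross_view "$t/ps" "$t/proc" | sort >"$t/pass$pass"
        sleep 1
    done
    comm -12 "$t/pass1" "$t/pass2"
    rm -rf "$t"
}

# Constructed sample: the ps view omits PID 4242, which /proc still lists.
demo() {
    t=$(mktemp -d) || return 1
    printf '1\n733\n901\n' >"$t/ps"
    printf '1\n4242\n733\n901\n' >"$t/proc"
    cross_view "$t/ps" "$t/proc"
    rm -rf "$t"
}

if [ "${1:-}" = "--live" ]; then live_check; else demo; fi
```

Run with --live to compare the running system's two views; with no argument it prints the result for the constructed sample.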


