[58360] in Hotline Meeting
Re: Case 258851: nameless process on w20-575-28
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Fri Feb 15 01:47:03 2002
Message-Id: <200202150644.BAA22375@stratton-three-thirty-two.mit.edu>
From: Jonathon Weiss <jweiss@MIT.EDU>
To: KENTA@MIT.EDU
cc: hotline@MIT.EDU, ops@MIT.EDU
In-reply-to: Your message of "Thu, 14 Feb 2002 16:36:26 EST."
<200202142136.QAA14504@hampster.mit.edu>
Date: Fri, 15 Feb 2002 01:44:27 -0500
> There is a strange process with no name running as root on
> w20-575-8. Normally I would just reboot to kill it, but
> its weirdness suggests it might be some sort of malicious
> program (trojan horse, keystroke recorder, etc.) so I'm
> leaving it to let you take a look.
I took a look at this and it appears to be part of some distributed
factoring project. I've cleaned up the machine. The user who left it
running will be referred to stopit. Thanks for letting us know about
it since it could have been something more malicious.
Jonathon Weiss
jweiss@mit.edu
MIT/IS Athena Server Operations