Tracking down h4X0rZ
Jun 08, 2007, 16:00 (2 Talkback[s])
"After closer investigation this machine had a few rogue
processes noticed by issuing “ps auxww”. These commands
were listed as “/usr/sbin/httpd” and not the full path
to the normal httpd binary on that system. The ps name was forged.
After catting “/proc//status” I could see that the
process running was actually perl."