Tracking down h4X0rZ

“After closer investigation this machine had a few rogue
processes noticed by issuing “ps auxww”. These commands
were listed as “/usr/sbin/httpd” and not the full path
to the normal httpd binary on that system. The ps name was forged.
After catting “/proc//status” I could see that the
process running was actually perl.”


Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis