On Mon, Dec 8, 2014 at 4:52 PM, Alfred Baroti <[email protected]> wrote: > Anyone have any idea with what i am dealing with ?
This looks like a Jynx derived rootkit which relies on LD_PRELOAD [1]. [1] http://volatility-labs.blogspot.com/2012/09/movp-24-analyzing-jynx-rootkit-and.html Brandon Vincent _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
