From owner-freebsd-stable@FreeBSD.ORG  Sun Dec 24 00:05:04 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 184E816A403
	for <freebsd-stable@freebsd.org>; Sun, 24 Dec 2006 00:05:04 +0000 (UTC)
	(envelope-from freebsd-stable@m.gmane.org)
Received: from ciao.gmane.org (main.gmane.org [80.91.229.2])
	by mx1.freebsd.org (Postfix) with ESMTP id C38CC13C44E
	for <freebsd-stable@freebsd.org>; Sun, 24 Dec 2006 00:05:01 +0000 (UTC)
	(envelope-from freebsd-stable@m.gmane.org)
Received: from list by ciao.gmane.org with local (Exim 4.43)
	id 1GyGRc-00052w-91
	for freebsd-stable@freebsd.org; Sun, 24 Dec 2006 00:38:24 +0100
Received: from cmung1278.cmu.carnet.hr ([193.198.133.8])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-stable@freebsd.org>; Sun, 24 Dec 2006 00:38:24 +0100
Received: from ivoras by cmung1278.cmu.carnet.hr with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <freebsd-stable@freebsd.org>; Sun, 24 Dec 2006 00:38:24 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-stable@freebsd.org
From: Ivan Voras <ivoras@fer.hr>
Date: Sun, 24 Dec 2006 00:38:24 +0100
Lines: 9
Message-ID: <emkel7$hhe$1@sea.gmane.org>
References: <7cf39bb60612231257p1a8a62c3g43a9da939306a59e@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: cmung1278.cmu.carnet.hr
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
In-Reply-To: <7cf39bb60612231257p1a8a62c3g43a9da939306a59e@mail.gmail.com>
X-Enigmail-Version: 0.94.1.0
Sender: news <news@sea.gmane.org>
Subject: Re: chkrootkit finds 94 process hidden for readdir
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Dec 2006 00:05:04 -0000

Matthew Herzog wrote:

> I ran chkrootkit yesterday and saw this:
> 
> Checking `lkm'... You have    94 process hidden for readdir command
> chkproc: Warning: Possible LKM Trojan installed

Does LKM stand for "Linux Kernel Module"? If so, no wonder the check has
gone lala :)