19.15 Finding the mstream TrojanThe following find command will find candidate executables that might be the mstream DDoS Trojan:[2]
find / ! -fstype proc -type f -print | xargs grep -l newserver This might generate a false positive on /usr/bin/xchat. For suspected binaries the following will list the name of each file that very likely is mstream, if it is the mstream master controller or zombie: strings file | grep -l pong |
Top |