Michael Lazin on 16 Jan 2019 10:17:37 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] time to reinstall |
Remember a while back I noticed certain processes eating up 60% of cpu?
After serious detective work, I found Interesting Stuff.
5 processes phone OVH hosting, with multiple address ranges
NetMgr seems fond of Virgin Media
When FF comes up, it visits some film festival in Canada (per netstat,
but not viewed in FF).
I firewalled everything and am ready to reinstall, but what is this and
where did it come from? No amount of searching turns up anything. Miner?
Nothing from any scanner or rkhunter.
A packet cap turned up a tiny amount of what looks like obfuscated code,
featuring 'blobs'. I guess I have the Blobs.
"{"method":"login","params":{"login":"49WAk6Txxxxxxxxxxxxxxetc"
"jsonrpc":"2.0"
{"blob":"0909d49xxxxxxxxxxx, "job_idxxxxx'
Aside from that, everything's fine.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug