amule security

[hippocampe]

A file called "a.out" appeared on my disk and it should not be there.

This is the second time I noted this. Both times I was running amule and a couple of ports were open on my system (for amule). Both times, the size of the file is zero.

This makes me believe that my computer was compromised and someone tried to compile a program on it.

However, I wonder why the file was left in such an obvious place and why its size is zero?

 

After the first time it happened, I upgraded to Mandriva 2007. However, it just happened again. This makes me think that amule is the problem here. I am running version 2.1.3-2. I looked in its changelogs and on the internet but I can't find known vulnerabilities for amule anywhere.

 

I ran chkrootkit and rkhunter but none of them found anything interesting. Nothing worth mentioning in the logs either.

 

Am I just paranoid or is there any other explanations for this? Where should I look next to get more info on what else might have been done on the machine?

 

Thanks

[scarecrow]

That file is created whenever you (or a program) successfully executes the "ld" command. personally I wouldn't worry.

[hippocampe]

oh :o

Now I remember. I often type by mistake ld instead of ls.

Gotta try this once I get back to Mandriva.

Strange, I tried it on Kubuntu and Suse but they do not create an empty a.out file.

[hippocampe]

Tried it on mandriva but I get this:

 

$ ld
ld: no input files

 

and no a.out file produced.

 

Scarecrow: as you said, the file is a result of a *successful* run of ld. That should occur only if someone successfully compiled a program AFAIK?

That brings more questions since I haven't compiled anything since I installed mandriva.