What could this python process be?

3

3

I noticed some strange python process trying to access IPs which seem to belong to Google, such as 74.125.77.109 (according to whois). The process has this initialization command in ps:

bash -c P=python2; $P -V 2>/dev/null || P=python; "$P" -c 'import sys; \
  skip_imports=1; verbosity=2; exec compile(sys.stdin.read(764), \
  "assembler.py", "exec")'

Any ideas what this could be?

GJ.

Posted 2011-05-16T08:33:21.850

Reputation: 8 151

3 Does not look good from the security POV. Please do #locate assembler.py and try to open that file. – lzap – 2011-05-16T09:04:52.907

1 Try running pstree -H the_pid_of_that_process. It could give you better clues as to what exactly spawned that. – Mat – 2011-05-16T09:08:11.103

I have seen Google using python for internal components before, but this is a bit odd. All of the tips here are good: find assembler.py, check out the process tree, and take a look in the proc filesystem. – jcrawfordor – 2011-08-31T20:20:46.937

Answers

2

Turns out it belongs to sshuttle which was running at that time.

GJ.

Posted 2011-05-16T08:33:21.850

Reputation: 8 151

2

ls -l /proc/<pid> and ls -l /proc/<pid>/fd may tell you more.

Catalin M. BOIE

Posted 2011-05-16T08:33:21.850

Reputation: 126
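The checks suggested in the comments and answers above (process tree, /proc/<pid>, /proc/<pid>/fd) combined into one triage script, as an added example that is not part of the original posts. It is useful for a command line like the one in the question, where the code is read from stdin and the parent chain and the descriptors show where it comes from. PROC_ROOT and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: identify an unknown process from /proc (Linux only).
# PROC_ROOT is an assumption of this example so the functions can be
# pointed at a copied or constructed tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Full command line; /proc/<pid>/cmdline separates arguments with NUL bytes.
proc_cmdline() {
    tr '\0' ' ' < "$PROC_ROOT/$1/cmdline" | sed 's/ $//'
}

# Parent PID from /proc/<pid>/stat. The "(comm)" field may itself contain
# spaces or ")", so strip everything up to the LAST ") " before splitting.
proc_ppid() {
    sed 's/^.*) //' "$PROC_ROOT/$1/stat" | cut -d' ' -f2
}

# Walk from the PID up to init, one "pid<TAB>cmdline" line per ancestor.
# Same information as pstree, without needing pstree installed.
proc_ancestry() {
    pid=$1
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] && [ -d "$PROC_ROOT/$pid" ]; do
        printf '%s\t%s\n' "$pid" "$(proc_cmdline "$pid")"
        pid=$(proc_ppid "$pid")
    done
}

# Descriptors that are sockets or pipes: shows whether the process talks to
# the network and which fds (0 = stdin) are wired to another process.
proc_ipc_fds() {
    for fd in "$PROC_ROOT/$1"/fd/*; do
        target=$(readlink "$fd") || continue   # unreadable or no fds: skip
        case $target in
            socket:*|pipe:*) printf '%s -> %s\n' "${fd##*/}" "$target" ;;
        esac
    done
}

# Usage: sh triage.sh <pid>   (run as root or as the owner of the process)
if [ $# -gt 0 ]; then
    proc_ancestry "$1"
    proc_ipc_fds "$1"
fi
```

A socket inode printed by proc_ipc_fds can be matched against the inode column of /proc/net/tcp to find the remote address.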