Ninjafishleg
Posts: 5
Joined: Sun Aug 18, 2013 6:07 pm

What is Kaiten? Virus?

Tue Sep 20, 2016 8:03 pm

Recently, my Pi CPU usage has been locked at about 95% constantly, despite the fact that I'm only running a small-ish Python script. After a quick top command, I found that a programme called "kaiten" was using 90% of the CPU. After killing kaiten, everything seems to work fine and the CPU usage drops down to where it should be. A Google search would suggest that Kaiten is a Trojan. How should I go about removing this and how worried should I be?
P.S. The Pi is also running as a server.
P.P.S. The Kaiten programme was running under root. :shock:

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 26659
Joined: Sat Jul 30, 2011 7:41 pm

Re: What is Kaiten? Virus?

Tue Sep 20, 2016 8:09 pm

Re-image the SD card, or get a new one.

(i.e. Nuke it from orbit, it's the only way to be sure)
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

Heater
Posts: 15949
Joined: Tue Jul 17, 2012 3:02 pm

Re: What is Kaiten? Virus?

Tue Sep 20, 2016 8:26 pm

Where did you get your SD card image from?

According to Symantec:

"The Trojan must be manually installed and executed by the user"

So either you have done this or your SD card provider has.

https://www.symantec.com/security_respo ... 18-2341-99
Memory in C++ is a leaky abstraction.

DougieLawson
Posts: 39121
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK

Re: What is Kaiten? Virus?

Tue Sep 20, 2016 9:06 pm

Heater wrote: Where did you get your SD card image from?

According to Symantec:

"The Trojan must be manually installed and executed by the user"

So either you have done this or your SD card provider has.

https://www.symantec.com/security_respo ... 18-2341-99

Or the OP has opened a port to the public internet without hardening the security on the system. Userid=pi with password=raspberry and allowed to use sudo with no protection is a very simple infection vector.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All non-medical doctors are on my foes list.
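
The weak setup described in the post above (the default pi account, sudo with no password, and a port open to the internet) can be checked from the configuration files. This is an added example, not part of the original thread: the sample sudoers and sshd_config text is constructed, the function names are hypothetical, and it does not test whether the password is still raspberry.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_SUDOERS = """\
Defaults env_reset
# passwordless sudo for the default account
pi ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) /usr/bin/rsync
"""
SAMPLE_SSHD = """\
Port 22
#PasswordAuthentication yes
"""

def nopasswd_users(sudoers_text):
    """Return the users or %groups that have a NOPASSWD sudo rule."""
    users = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        if re.search(r"\bNOPASSWD\s*:", line):
            users.append(line.split()[0])
    return users

def password_login_enabled(sshd_text):
    """True if the global sshd settings accept password logins."""
    for line in sshd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are not global
            break
        if key == "passwordauthentication" and len(parts) == 2 and parts[1]:
            # sshd uses the first value it reads for a keyword
            return parts[1].split()[0].strip('"').lower() == "yes"
    return True  # keyword absent or commented out: OpenSSH defaults to yes

def audit(sudoers_text, sshd_text, default_user="pi"):
    """List the weak settings found for the default account."""
    findings = []
    if default_user in nopasswd_users(sudoers_text):
        findings.append(f"{default_user} can run sudo without a password")
    if password_login_enabled(sshd_text):
        findings.append("sshd accepts password logins")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SUDOERS, SAMPLE_SSHD):
        print("WEAK:", finding)
```

On a real system the inputs would be the contents of /etc/sudoers, each file under /etc/sudoers.d, and /etc/ssh/sshd_config, read as root.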

Heater
Posts: 15949
Joined: Tue Jul 17, 2012 3:02 pm

Re: What is Kaiten? Virus?

Tue Sep 20, 2016 9:15 pm

That would do it.
Memory in C++ is a leaky abstraction.

allfox
Posts: 452
Joined: Sat Jun 22, 2013 1:36 pm
Location: Guang Dong, China

Re: What is Kaiten? Virus?

Wed Sep 21, 2016 3:44 pm

Well, in Japanese kaiten (回転) means spinning, and it uses up CPU; it sounds like some kind of pressure test program to me.

Anyway, re-image would help.

karrika
Posts: 1124
Joined: Mon Oct 19, 2015 6:21 am
Location: Finland

Re: What is Kaiten? Virus?

Wed Sep 21, 2016 4:42 pm

Some time ago there was this Shellshock vulnerability in bash. There were reports where the vulnerability downloaded the source code of kaiten and compiled it with gcc for the target platform.

http://www.lucadonettidontin.it/blog/sh ... urce-code/

The bad thing is that if Raspbian was not patched for Shellshock you could infect the Pi during the boot from the DHCP server.

The moral of the story: update security patches frequently.

Graymalk
Posts: 55
Joined: Wed Nov 11, 2015 8:33 pm

Re: What is Kaiten? Virus?

Thu Sep 22, 2016 2:30 am

Heh, I've always wondered what would get installed on my web-serving Pi if I ever let the constant onslaught of daily attacks succeed.
