Discovery DateSometime in 2002 from a Honeynet system

the-binary combines the function of

A hacker can use it to execute commands remotly as root (administrator under Linux) and lauch a DoS attack against other servers.

Method of infection

A hacker using the administrator account (root) on a Linux machine has executed the program.

Removal instructions

To stop it, run as root user the command kill -9 pid_of_false_mingetty or restart the machine. If this binary is part of a rootkit, extra operations may be needed.


This programs runs as root and hides under the name [mingetty]. On most system, you can see the real mingetty program as /sbin/mingetty.

The Denial of Service attacks can slow down your network connection.