a voir:

https://serverfault.com/questions/705217/usr-bin-host-executed-by-hacked-php-script

https://forums.cpanel.net/threads/suspicious-process-usr-bin-host-run-by-users-on-server.396312/

https://serverfault.com/questions/554801/usr-bin-host-being-used-in-http-ddos-on-debian