rootkit/virus/trojan on squeeze 32 bit
Hi Debian
Just detected several modified binaries on one of my Debian Squeeze 32
bit, like /usr/bin/passwd, /bin/dash, /sbin/hdparm, /usr/bin/skype etc.
Modified files are bigger in size, but debsums does not complain about
them. I tried clamscan and avast on this binaries on another host, they
did not find anything. I also tried chkrootkit and rkhunter (but I did
not get possibility to boot from safe media yet).
You can find some good and binaries here [1]. This virus/rootkit seems
to be clever enough to deceive debsums, so it is Debian-related.
1. http://hurd.homeunix.org/~sena/bad-skype/
If I reinstall binaries, they become normal size, but become changed
again after reboot.
Any ideas? What else needs to be done? Currently I am going to reinstall
Debian box.
--
Best regards, Sergey Spiridonov
Reply to: