Diego Brouard schreibt:
As you've seen you have been cracked by a "worm", it's calledRST.b. In few words, it infect exectable files in /bin and in the current directory from where you are executing an already infected binary. You were infectedbecause of a php bug and the ptrace bug.
Might be a side effect of the tools that were used.A quick scan with f-prot shows several infected files on the server www.slacks.hpg.ig.com.br:
www.slacks.hpg.ig.com.br/bin/telnetd Infection: Unix/RST.B www.slacks.hpg.ig.com.br/bin/sslscan Infection: Unix/RST.B www.slacks.hpg.ig.com.br/bin/rh Infection: Unix/Osf.A www.slacks.hpg.ig.com.br/bin/mass Infection: Unix/Osf.A www.slacks.hpg.ig.com.br/bin/co1 Infection: Unix/Osf.Awww.slacks.hpg.ig.com.br/psyBNC.tar.gz->?->psybnc/makesalt Infection: Unix/Osf.A www.slacks.hpg.ig.com.br/psyBNC.tar.gz->?->psybnc/psybnc Infection: Unix/Osf.A But AFAIK none of these viruses is able to get root rights, so the attacker must have got root rights before.