Re: rootkit/virus/trojan on squeeze 32 bit

To: debian-user@lists.debian.org
Subject: Re: rootkit/virus/trojan on squeeze 32 bit
From: Sergey Spiridonov <sena@hurd.homeunix.org>
Date: Tue, 12 Mar 2013 10:36:53 +0100
Message-id: <[🔎] khmsvi$6ie$1@ger.gmane.org>
In-reply-to: <[🔎] 20130312012309.3378170a@fx4100>
References: <[🔎] khlopn$34n$1@ger.gmane.org> <[🔎] 20130312012309.3378170a@fx4100>

Hi sp113438

On 03/12/2013 01:23 AM, sp113438 wrote:

No solution, but how did you find out about the changed size?

This is all happening on the remote machine of my friend. I do not havedirect access to hardware.

First skype refused to start complaining about modified binary. Ireinstalled skype from the same deb file (some old 2.x) and noticed thatbinary file size and md5 was changed. After system reboot skype refusedto start again and I find out that its binary changed size and md5. Itried debsums - it does not show any error.

I compared some other binaries like passwd, dash and hddparm with mylocal passwd, hddparm and dash. Remote binaries were larger. debsumsdoes not show any problem again. Additionally passwd looses sticky bit.

I copied passwd, dash, hddparm, skype binaries on my local machine andtried clamscan, avast and bitdefender. They did not detect anything.


So this must be something new.

I wonder, is there any organization which takes care about such things?
--
Best regards, Sergey Spiridonov

Reply to:

Follow-Ups:
- Re: rootkit/virus/trojan on squeeze 32 bit
  - From: Sven Joachim <svenjoac@gmx.de>

References:
- rootkit/virus/trojan on squeeze 32 bit
  - From: Sergey Spiridonov <sena@hurd.homeunix.org>
- Re: rootkit/virus/trojan on squeeze 32 bit
  - From: sp113438 <sp113438@telfort.nl>

Prev by Date: Re: Rooting an Android Tablet on Debian
Next by Date: Battery problem
Previous by thread: Re: rootkit/virus/trojan on squeeze 32 bit
Next by thread: Re: rootkit/virus/trojan on squeeze 32 bit
Index(es):
- Date
- Thread