As you've seen you have been cracked by a "worm", it's called
RST.b.
In few words, it infect exectable files in /bin and in the current directory from where you are executing an already infected binary. You were infected
because of a php bug and the ptrace bug.
Might be a side effect of the tools that were used.
A quick scan with f-prot shows several infected files on the server www.slacks.hpg.ig.com.br:
www.slacks.hpg.ig.com.br/bin/telnetd Infection: Unix/RST.B
www.slacks.hpg.ig.com.br/bin/sslscan Infection: Unix/RST.B
www.slacks.hpg.ig.com.br/bin/rh Infection: Unix/Osf.A
www.slacks.hpg.ig.com.br/bin/mass Infection: Unix/Osf.A
www.slacks.hpg.ig.com.br/bin/co1 Infection: Unix/Osf.A
www.slacks.hpg.ig.com.br/psyBNC.tar.gz->?->psybnc/makesalt Infection: Unix/Osf.A
www.slacks.hpg.ig.com.br/psyBNC.tar.gz->?->psybnc/psybnc Infection: Unix/Osf.A
But AFAIK none of these viruses is able to get root rights, so the attacker must have got root rights before.
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
