On Mon, Jun 01, 2009 at 10:46:54AM +0200, Johann Spies wrote:
I am a bit worried that my computer have been compromised.
...
I think the last three lines are not problematic but in /dev/shm/r I found:
spawn /bin/bash
interact
Do I have reason to be worried?
Yes, that's a typical location for intruders to drop files. Easiest
thing to do is reinstall after thinking about how the compromise may
have occurred. (Did you update regularly, including kernel updates? Did
all accounts have strong passwords? Do you have web applications not
managed by the system that weren't being updated? etc.)
Mike Stone
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
