Hi Debian
Just detected several modified binaries on one of my Debian Squeeze 32
bit, like /usr/bin/passwd, /bin/dash, /sbin/hdparm, /usr/bin/skype etc.
Modified files are bigger in size, but debsums does not complain about
them. I tried clamscan and avast on this binaries on another host, they
did not find anything. I also tried chkrootkit and rkhunter (but I did
not get possibility to boot from safe media yet).
You can find some good and binaries here [1]. This virus/rootkit seems
to be clever enough to deceive debsums, so it is Debian-related.
1. http://hurd.homeunix.org/~sena/bad-skype/
If I reinstall binaries, they become normal size, but become changed
again after reboot.
Any ideas? What else needs to be done? Currently I am going to reinstall
Debian box.
--
Best regards, Sergey Spiridonov
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/khlopn$34n$1...@ger.gmane.org
