On Tue, 12 Mar 2013 00:19:27 +0100 Sergey Spiridonov <s...@hurd.homeunix.org> wrote:
> Hi Debian > > Just detected several modified binaries on one of my Debian Squeeze > 32 bit, like /usr/bin/passwd, /bin/dash, /sbin/hdparm, /usr/bin/skype > etc. Modified files are bigger in size, but debsums does not complain > about them. I tried clamscan and avast on this binaries on another > host, they did not find anything. I also tried chkrootkit and > rkhunter (but I did not get possibility to boot from safe media yet). > > You can find some good and binaries here [1]. This virus/rootkit > seems to be clever enough to deceive debsums, so it is Debian-related. > > 1. http://hurd.homeunix.org/~sena/bad-skype/ > > If I reinstall binaries, they become normal size, but become changed > again after reboot. > > Any ideas? What else needs to be done? Currently I am going to > reinstall Debian box. No solution, but how did you find out about the changed size? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130312012309.3378170a@fx4100
