On Tue, 12 Mar 2013 00:19:27 +0100 Sergey Spiridonov <[email protected]> wrote:
> Hi Debian > > Just detected several modified binaries on one of my Debian Squeeze > 32 bit, like /usr/bin/passwd, /bin/dash, /sbin/hdparm, /usr/bin/skype > etc. Modified files are bigger in size, but debsums does not complain > about them. I tried clamscan and avast on this binaries on another > host, they did not find anything. I also tried chkrootkit and > rkhunter (but I did not get possibility to boot from safe media yet). > > You can find some good and binaries here [1]. This virus/rootkit > seems to be clever enough to deceive debsums, so it is Debian-related. > > 1. http://hurd.homeunix.org/~sena/bad-skype/ > > If I reinstall binaries, they become normal size, but become changed > again after reboot. > > Any ideas? What else needs to be done? Currently I am going to > reinstall Debian box. No solution, but how did you find out about the changed size? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/20130312012309.3378170a@fx4100
