On 08/09/10 12:25, Paul Hartman wrote:
[]
> If anyone has advice on what I should look at forensically to
> determine the cause of this, it is appreciated. I'll first dig into
> the logs, bash history etc. and really hope that this very happened
> recently.
>
> Thanks for any tips and wish me good luck. :)

AntiVir (Avira) anti-malware scanner has hundreds of Linux rootkit/virus signatures; you might scan your box with that. It has an on-access, realtime monitor option as well, which I use to monitor anything downloaded and/or compiled on my box (in case the distribution screen gets hacked).

<http://www.free-av.com/en/download/download_servers.php>

Presuming you're rooted, you might first try their stand-alone, Linux live-disk scanner so as to avoid borked kernel and/or core utilities:

<http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html>