[olug] Security breach?

[aric at omahax.com]

Is there something that does a hash compare of all the binaries, installed
packages, etc. and can be ran from removable, bootable media?

> Given that your computer is compromised, reinstall. You don't know
> what binaries have been replaced, rootkit-style. Sure you can do
> something along the lines of "md5sum `which md5sum`, although if I
> were to write a rootkit, that's one of the things I would patch to
> avoid my own binaries.
>
> On Tue, Jun 5, 2012 at 4:20 PM,  <aric at omahax.com> wrote:
>> I would be surprised if you or your system was the cause.  I recommend
>> looking at the email message headers to see where it came from.  You
>> also
>> may want to sniff your network to see if you are sending stuff out or
>> scanning for port 25 connections.
>>
>>> I'm running MandrivaLinux x64 2011 (KDE4) updated behind a commercial
>>> Trendnet
>>> router.
>>>
>>> I notice I've begun receiving spam emails supposedly from people in my
>>> address
>>> book (thunderbird).  When I run 'top' I don't find any obvious intruder
>>> files.  Having received three of these now, all from different
>>> addresses
>>> and
>>> people, I suspect my computer is compromised.
>>>
>>> This prompted me to check my security settings.  Turns out I had left
>>> the
>>> firewall down from my last full re-install a couple of weeks ago.  It's
>>> back up.
>>>
>>> Any suggestions for ridding a Linux system of malware?
>>>
>>>      Jack
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>>
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>