[olug] Security breach?

Kevin sharpestmarble at gmail.com
Tue Jun 5 23:05:22 UTC 2012


Given that your computer is compromised, reinstall. You don't know
what binaries have been replaced, rootkit-style. Sure, you can do
something along the lines of "md5sum `which md5sum`", although if I
were to write a rootkit, that's one of the things I would patch to
avoid my own binaries.

On Tue, Jun 5, 2012 at 4:20 PM,  <aric at omahax.com> wrote:
> I would be surprised if you or your system was the cause.  I recommend
> looking at the email message headers to see where it came from.  You also
> may want to sniff your network to see if you are sending stuff out or
> scanning for port 25 connections.
>
>> I'm running MandrivaLinux x64 2011 (KDE4) updated behind a commercial
>> Trendnet router.
>>
>> I notice I've begun receiving spam emails supposedly from people in my
>> address book (thunderbird).  When I run 'top' I don't find any obvious
>> intruder files.  Having received three of these now, all from different
>> addresses and people, I suspect my computer is compromised.
>>
>> This prompted me to check my security settings.  Turns out I had left the
>> firewall down from my last full re-install a couple of weeks ago.  It's
>> back up.
>>
>> Any suggestions for ridding a Linux system of malware?
>>
>>      Jack
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>>
>
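
Added example, not part of the original thread: one way to act on the suggestion above to read the message headers and see where the spam came from. The sample message, the `TRUSTED_BY` host names and the function names are constructed assumptions; substitute the servers your own mail provider stamps into `Received:` lines.

```python
import email
import ipaddress
import re

# Constructed sample message (not from the thread); hosts and addresses are
# documentation-range placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.net with ESMTP id A1; Tue, 5 Jun 2012 15:02:11 -0500
Received: from unknown (HELO friend-pc) ([203.0.113.45])
\tby mx.example.net with SMTP id B2; Tue, 5 Jun 2012 15:02:09 -0500
Received: from mail.friend.example ([192.0.2.10])
\tby relay.invalid with SMTP; Tue, 5 Jun 2012 14:00:00 -0500
From: "A Friend" <friend@friend.example>
To: jack@example.net
Subject: hi

check this out
"""

# Assumed: the servers run by your own mail provider (hypothetical names).
TRUSTED_BY = {"inbox.example.net", "mx.example.net"}
HOP = re.compile(r"from\s+.*?\[(?P<ip>[0-9a-fA-F:.]+)\].*?\bby\s+(?P<by>\S+)", re.S)

def handoff_ip(raw, trusted_by=TRUSTED_BY):
    """Return the IP that handed the mail to the first trusted server.

    Received headers are prepended, so the top ones were written by your
    own provider. Everything below the last trusted hop is controlled by
    the sender and may be forged, so the walk stops there. The From: line
    is never consulted because it is trivially spoofed.
    """
    msg = email.message_from_string(raw)
    result = None
    for header in msg.get_all("Received", []):
        m = HOP.search(header)
        if not m or m.group("by").lower() not in trusted_by:
            break
        result = ipaddress.ip_address(m.group("ip"))
    return result

def sent_from_my_network(raw, my_public_ip, trusted_by=TRUSTED_BY):
    """True only if the trusted hand-off IP is this site's public address."""
    ip = handoff_ip(raw, trusted_by)
    return ip is not None and ip == ipaddress.ip_address(my_public_ip)
```

A hand-off address that is not your router's public IP means the message was injected elsewhere with a forged sender, which says nothing either way about whether the local machine is clean.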


