caught with Linux Virus ELF_ROOTKIT
David Cary Hart
Fedora at TQMcube.com
Thu Oct 20 17:28:32 UTC 2005
On Thu, 2005-10-20 at 09:21 -0700, M E Fieu wrote:
> Hi.. We found that our Linux server was down last night and before that our Linux Anti-Virus
> server (TrendMicro SPLX ServerProtect for Linux) was sending us the Virus found notification as
> following
>
> Virus found!
> Action: Clean failed, Quarantined.
> ELF_ROOTKIT.A found in file: ptrace
> A virus infection was detected
>
The more important issue is to figure out where this came from! IMO (and
others may disagree) these are usually the product of vulnerable PHP
scripts.

I would strongly encourage you to do some forensics. It would help the
community to know how your machine was infected.

BTW, you might also want to run rkhunter daily. It's available in Fedora
Extras.

Another good place to discuss these issues is in the DShield.org list.
--
Our DNSRBL - Eliminate Spam: http://www.TQMcube.com/spam_trap.htm
RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
Multi-RBL Check: http://www.TQMcube.com/rblcheck.htm
Tired of spam? Do YOUR part: http://www.BoulderPledge.org