Leon wrote:
My box running FC6 T3 has been warned by my College:
,----
| We've been investigating an IRC botnet involving JANET hosts in
| coordination with the IRC network involved. It appears, from logs of
| connections to IRC channels, that xxxx.xxx.xxx.ac.uk is
| involved.
|
| The other hosts involved so far have been compromised through an
| unknown
| vulnerability, possibly via. HTTP or SSH but we're not sure at this
| stage.
|
| Please could you investigate as soon as possible and let us know what
| you find. Any information could be very helpful to the other JANET
| sites
`----
Here is the question: how can I check if my computer is compromised?
Thank you.
I would first use rkhunter (command line: rkhunter -c) (Root Kit Hunter)
install it if you don't have it.
Mikko Silvennoinen
begin:vcard
fn:Mikko Silvennoinen
n:Silvennoinen;Mikko
org:Bittiainen Ltd
adr:48700 KOTKA;;Aijankatu 10 C 27;Kotka;;48700;Finland
email;internet:mikko@xxxxxxxx
title:CEO, Hall. puh.joht.
tel;work:+358 (0)44 517 1260
tel;home:044 517 1260
tel;cell:+358 (0)44 517 1260
note;quoted-printable:Suomeksi:=0D=0A=
=0D=0A=
Mikko Silvennoinen=0D=0A=
Bitti=C3=A4inen Oy=0D=0A=
=C3=84ij=C3=A4nkatu 10 C 27=0D=0A=
48700 KOTKA=0D=0A=
SUOMI
x-mozilla-html:TRUE
url:http://www.bittiainen.com
version:2.1
end:vcard