Mystery infestation strikes Linux/Apache Web sites
Posted by: Anonymous
on January 25, 2008 07:27 AM
I'm quite certain that once the Apache/Kernel devs see an infested machine + a network log they will tear it apart trying to see how it happened, IF it happened at all.
The problem is that until now no one knows anything about this thing other than "it infected some unknown server and installed a rootkit". well thanks a million for the great info, reminds my of my cousins asking me to fix their PC on the phone telling me "I get a blue screen with some white text on it"
Personally I still don't know IF this is true at all. Does anybody have the IP of an infected box? a name? ANYTHING? Call me ignorant but if someone wanted to make the L and A in LAMP look bad, this would be exactly the thing he/she'd do.
Note: I am running a LAMP server, as soon as I heard about this I made a list of MD5 checksums of all of my files using a liveCD(yes I took the server offline, security over uptime) and compared those to the checksums in the Debian Stable repository. Yesterday they checked out, I will check again tonight.
PS: How do you get a linebreak on Linux.com? isn't working, neither is \n or a normal newline...