I've had two Linux boxes compromised before. On the first, which was connected to the Internet via a modem (!), the shell started behaving strangely. I don't remember what it did exactly, but the root kit that hit the machine replaced some executables without noticing that the replacements linked with the wrong libraries. Duh. Then I not only wiped the machine, I switched distributions.
Shane: What distros were you using that were compromised? /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
