Hi, I think I'm seeing a new variant of phalanx2 that 1.3.6 appears not to find.
It installed a semi-randomly named file in /etc/cron.d/ , "ruWJLciOgrfX-boot" which contained just this line: * * * * * root /usr/share/ruWJLciOgrfX.p2/.p-2.4a i &> /dev/null In the /usr/share directory are files named like this: .config .p-2.4a .p2rc .sniff. The binary (contains phalanx2 in 'strings' output) is .p-2.4a. Reactions? Cheers Vince ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
