Well, we got also infected with this "bastard" ok, we´running Mandrake 10.2 (the good old one) but same probbs. How i found it? i was looking what is running on this MDK... uuuuuuhhhhh whats that => APACHE -DSSL ??? hmmm with high CPU Load.... i was wondering. Also o had lately lags in our bandwidth.... alot spam Mails and a few other strange things. Ok.. time to do smth...... In our case this is bastard tells you i am "APACHE -DSSL" WRONG!!!! this is a Perl Deamon connecting to the Irc Network and spreading all infos of ur sys, AND!!!! gives them full access to ur Server....... What to do???? Where the heck does it load from? Well.... it is a Exploit used by hackers to hijack Boards, no matter if phpBB, Joomla or other.. its Code injection and execution !! once u got infected u r having a probb we DONT know at time a solution to kick this lil baby off, not yet..... What we did? well... this exploid needds to load external code to execute.... we found where and how it starts up, in our case it is the file "borek.txt" (search for it by google etc. and you will find similar probbs;) ) OK... we saw where this bastard tryed to load it´s code... so we blocked this IP. This will give us now the time and chance to search how it works and maybe find a solution to fix it and close this backdoor/bug When u deny/drop/reject access to the IP where the code is placed, the deamon cant start up.. simple? yes, but no solution..... We´ll finger out how and what it is and by chance bring u all (and us) a solution ti fix it cheers from Germany, Schnulli By the way, when still someone has a solution feel free to post it here or leave me a note -- This is an email sent via The Fedora Community Portal https://fcp.surfsite.org https://fcp.surfsite.org/modules/newbb/viewtopic.php?post_id=157551&topic_id=29890&forum=10#forumpost157551 If you think, this is spam, please report this to webmaster@xxxxxxxxxxxxxxxx and/or blame dajudge@xxxxxxx
