I've been encountering this ssh/sshd trojan for a couple of months now, latest rkhunter doesn't detect it. I suppose it should :)
Remarks:
- the system on which i've collected the attached data is old (Fedora 2), but i don't think it matters, i've seen this also on up to date CentOS 5's
- the warnings on files replaced with shell scripts are normal for redhat platforms
- i will keep this box...
2009-10-17 20:02:16 UTC in Rootkit Hunter
