SSHD Spam Rootkit /lib64/libkeyutils.so.1.9

On a few systems we have seen the following:

CentOS release 6.3 (Final)
md5sum /lib64/libkeyutils.so.1.9
c1f53b3ecb05102d46f1d533fe093529 /lib64/libkeyutils.so.1.9

-rwxr-xr-x 1 root root 34584 Jun 22 2012 /lib64/libkeyutils.so.1.9*

rpm -qf /lib64/libkeyutils.so.1.9
file /lib64/libkeyutils.so.1.9 is not owned by any package

uname -r: 2.6.32-279.14.1.el6.x86_64.debug

What we do know is that, so far, firewalls have kept them off and out of SSH. So if you have those set up correctly to whitelist you, this helps.

As for removal, you will need to remove libkeyutils.so.1.9 and restart SSH. This **should** fix the problem.
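
The manual checks shown above (`md5sum` and `rpm -qf`) can be wrapped into a small triage script. This is an added example, not part of the original post: the MD5 is the one quoted above, while the function names, the `--scan` switch and the directories scanned are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage libkeyutils copies the way the post does by hand.
# BAD_MD5 is the hash quoted in the post; all names below are hypothetical.
BAD_MD5="c1f53b3ecb05102d46f1d533fe093529"

# pkg_owner FILE: succeeds (printing the package name) if an RPM owns FILE.
pkg_owner() {
    rpm -qf "$1" 2>/dev/null
}

# classify FILE: prints "known-bad", "unowned", "owned" or "missing".
classify() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    sum=$(md5sum "$f" | awk '{print $1}')
    if [ "$sum" = "$BAD_MD5" ]; then
        echo known-bad            # matches the hash from the post
    elif pkg_owner "$f" >/dev/null; then
        echo owned                # shipped by a package
    else
        echo unowned              # "not owned by any package", as in the post
    fi
}

# scan DIR...: classify every libkeyutils.so* in the given directories.
# Returns 1 if any file is known-bad or unowned, 0 otherwise.
scan() {
    rc=0
    for d in "$@"; do
        for f in "$d"/libkeyutils.so*; do
            [ -e "$f" ] || continue   # glob matched nothing
            verdict=$(classify "$f")
            printf '%-10s %s\n' "$verdict" "$f"
            case $verdict in known-bad|unowned) rc=1 ;; esac
        done
    done
    return $rc
}

# Only touch the live system when asked to, and only where rpm exists.
if [ "${1:-}" = "--scan" ]; then
    command -v rpm >/dev/null || { echo "rpm not found" >&2; exit 2; }
    scan /lib64 /lib
fi
```

Run it with `--scan` on an RPM-based host; an exit status of 1 means at least one copy is either the known-bad file or not owned by any package and needs a closer look.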

REF: http://www.webhostingtalk.com/showthread.php?t=1235797
