SSHD Spam Rootkit /lib64/libkeyutils.so.1.9

On a few systems have had the following:

CentOS release 6.3 (Final) md5sum /lib64/libkeyutils.so.1.9 c1f53b3ecb05102d46f1d533fe093529 /lib64/libkeyutils.so.1.9


-rwxr-xr-x 1 root root 34584 Jun 22 2012 /lib64/libkeyutils.so.1.9*
rpm -qf /lib64/libkeyutils.so.1.9

file /lib64/libkeyutils.so.1.9 is not owned by any package

uname -r: 2.6.32-279.14.1.el6.x86_64.debug

–and–

CentOS release 6.3 (Final) md5sum /lib64/libkeyutils.so.1.9 c1f53b3ecb05102d46f1d533fe093529 /lib64/libkeyutils.so.1.9


-rwxr-xr-x 1 root root 34584 Jun 22 2012 /lib64/libkeyutils.so.1.9*
rpm -qf /lib64/libkeyutils.so.1.9

file /lib64/libkeyutils.so.1.9 is not owned by any package

uname -r: 2.6.32-279.14.1.el6.x86_64.debug

what we do know is that so far firewalls have kept them off and out of SSH. So if you have those setup correctly to whitelist you, this helps.

As far as removing, you will need to remove the libkeyutils.so.1.9 and restart SSH. This **should** fix the problem.

**REF: http://www.webhostingtalk.com/showthread.php?t=1235797

IT Managers to IT Managers and Tech to the common world.

SSHD Spam Rootkit /lib64/libkeyutils.so.1.9

How to prevent load abuse from EXIM

Automatically scan, find, report, torrent scripts and files and email daily

Posts related to SSHD Spam Rootkit /lib64/libkeyutils.so.1.9

How to prevent load abuse from EXIM

Automatically scan, find, report, torrent scripts and files and email daily