Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Date: Wed Mar 27 2002 - 00:00:55 CST
I got a similar attack one and a half months ago.
A line was appended at the end of file /etc/init.d/network
Many other files were modified like ls, ps, netstat, su, etc.
ls was modified not to show the file /etc/dhcp/dhcp.conf
which was supposed to store stolen usernames and passwords.
Hopfuly I run ssh on differenr port. There was one other
strange effect - when a user locks the display, their password
is rejected when trying to unlock the display.
I can't still figure out how it has happened.