On Tue, 2014-07-29 at 17:23 -0400, Larry Linder wrote:
> If anyone is interested I will share the details.

Larry,

Are you running Apache Struts, Apache Tomcat, or Elasticsearch by any chance?

Please review CVE-2013-2115, CVE-2013-1966, and CVE-2014-3120 to see if any of these apply to your system configuration. This type of infection is typically due to the aforementioned vulnerabilities.

As for removal, find and remove the following files with the system offline:

    /boot/.IptabLes
    /boot/.IptabLex
    /usr/.IptabLes
    /usr/.IptabLex
    /etc/rc.d/init.d/IptabLes
    /etc/rc.d/init.d/IptabLex
    /.mylisthb*

Let me know if you have any more questions.

Brandon Vincent
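
The file list from the message above, as an added example that is not part of the original e-mail: a shell function that reports which of those paths exist under a given root before anything is removed. The function name and the ROOT argument (the mount point of the offline system's filesystem, e.g. from rescue media) are assumptions.

```shell
#!/bin/sh
# Added example: report which of the files named in the message exist
# under ROOT. ROOT is an assumption: the mount point of the offline
# system's filesystem. Passing "/" checks the running system instead.
# Usage (after sourcing this file): find_iptablex_artifacts /mnt/sysimage

# Fixed paths exactly as listed in the message.
IPTABLEX_PATHS='/boot/.IptabLes
/boot/.IptabLex
/usr/.IptabLes
/usr/.IptabLex
/etc/rc.d/init.d/IptabLes
/etc/rc.d/init.d/IptabLex'

find_iptablex_artifacts() {
    root=${1%/}      # drop a trailing slash so "$root$p" is well-formed
    found=1          # return status: 0 if anything was found, 1 if clean

    for p in $IPTABLEX_PATHS; do
        # -e is false for a dangling symlink, so test -L as well
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$root$p"
            found=0
        fi
    done

    # "/.mylisthb*" from the message: a glob at the filesystem root.
    # If nothing matches, the pattern stays literal and the test fails.
    for f in "$root"/.mylisthb*; do
        if [ -e "$f" ] || [ -L "$f" ]; then
            printf '%s\n' "$f"
            found=0
        fi
    done

    return $found
}
```

The function only lists matches, one per line, so the output can be reviewed or preserved as evidence before the files are deleted.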