
I have had several people talk to me over the last few days about having their machine compromised. The infection vector appears to be weak ssh passwords. The compromise appears to be based on people scanning for open ssh ports, then brute-forcing passwords, before installing a Trojan that connects to IRC and accepts commands from a channel (such as .ddos <ip>).

Please make sure you're using a secure password. If passwd warns you that a password is insecure, CHANGE IT. http://www.wlug.org.nz/ChoosingPasswords provides a couple of methods on how to choose a good password.

Make sure everything is up to date on your system. For Debian:

    apt-get update
    apt-get dist-upgrade -u

For Fedora Core, click on the blinking red (!) in the corner to get it to do the updates.

If you don't use ssh (or don't know what it is), DISABLE IT, or just uninstall it. If you do use ssh, consider using tcpwrappers to lock it to something like "*.nz". See http://www.wlug.org.nz/AdvancedSecurityNotes.

To check if you've been compromised, try:

    locate emech

If it turns up any files (particularly in /tmp or /var/tmp), then you have been compromised. Bugger. If you have, and need help, email me off list and we'll talk about what you can do.
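As an added example (not part of the original post), here is a small POSIX shell script that spots the brute-force pattern described above in sshd auth.log-style lines: sources with many "Failed password" entries, and the more urgent case of a source that got an "Accepted password" after a run of failures. The log lines, hostnames and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The sample log lines below are
# constructed; the source addresses are documentation ranges, not real hosts.

SAMPLE_LOG='Mar  3 02:11:07 host sshd[4121]: Failed password for root from 198.51.100.23 port 40112 ssh2
Mar  3 02:11:09 host sshd[4123]: Failed password for invalid user test from 198.51.100.23 port 40118 ssh2
Mar  3 02:11:12 host sshd[4125]: Failed password for root from 198.51.100.23 port 40122 ssh2
Mar  3 02:11:15 host sshd[4127]: Failed password for admin from 198.51.100.23 port 40130 ssh2
Mar  3 02:11:40 host sshd[4130]: Accepted password for root from 198.51.100.23 port 40141 ssh2
Mar  3 08:30:02 host sshd[5002]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Mar  3 08:30:10 host sshd[5004]: Accepted publickey for alice from 192.0.2.10 port 51002 ssh2'

# brute_sources LOG THRESHOLD
# Print "ip count" for every source with at least THRESHOLD failed password
# attempts. The address is the field following the word "from".
brute_sources() {
    printf '%s\n' "$1" | awk -v min="$2" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i+1)]++
        }
        END { for (ip in fails) if (fails[ip] >= min) print ip, fails[ip] }'
}

# success_after_failures LOG THRESHOLD
# Print sources that logged an "Accepted password" after THRESHOLD or more
# failures: the signature of a guessed password, which needs an immediate look.
# Key-based logins ("Accepted publickey") are deliberately not counted.
success_after_failures() {
    printf '%s\n' "$1" | awk -v min="$2" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i+1)]++
        }
        /sshd\[[0-9]+\]: Accepted password for/ {
            for (i = 1; i <= NF; i++)
                if ($i == "from" && fails[$(i+1)] >= min) hit[$(i+1)] = 1
        }
        END { for (ip in hit) print ip }'
}

echo "Sources with 3 or more failed password attempts:"
brute_sources "$SAMPLE_LOG" 3
echo "Sources that logged in by password after 3 or more failures:"
success_after_failures "$SAMPLE_LOG" 3
```

On a real system, feed the functions the output of `grep sshd /var/log/auth.log` (or the equivalent file for your distribution) instead of the constructed sample.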