MaGe Linux Operations

Jul 15, 2014 · Information Security

How I Traced a Bandwidth‑Hogging Malware on a Linux Server

A Linux admin recounts responding to a bandwidth‑saturation incident, discovering a suspicious sbin process hidden in /var/cache, using ifconfig, top, and netstat to reveal PPTP connections, and outlining the steps taken to identify and remove the malicious scripts.