Hi Folks,
I was alerted to this by the nice folks at http://racksrv.com (Thanks Jon/Lee)
Just putting some info out there for those who has not spotted the topic else where as yet.
Further info:
http://status.racksrv.com/2013/02/19/new-sshd-rootkit
http://forums.cpanel.net/f185/sshd-rootkit-323962.html
http://www.webhostingtalk.com/showthread.php?t=1235797
Seems info has been floating around for 4 days now although I am only just now reading through everything.
Anyone that is already aware of this please feel free to add some additional info/summery.
From what I am reading in th elast few minutes it is an issue with libkeyutils.so.1.9 (32 and 64bit) which allows spam to be sent via the server, seems to mainly affect cPanel on CENT/CloudLinux and possibly other LAMP stacks.
If you have some users that have started spamming and are unaware of how this has happened you may want to have them run the script included in the first link provided by Lee at racksrv.com
Ant.