Originally Posted by m3phisto
a workmade of mine is now on the box.
this is /usr/bin/chattr
looks like we got a lot of work.
That's indeed bad news.
A very optimistic look would be: Only chattr was replaced by another command, which could be replaced by a working version (remove the existing chattr and reinstall using your distro's tools). But like I stated before: Who knows what else was compromised........
I do hope you have an idea how your box was compromised and are able to make sure that doesn't happen again.
Good luck fixing/reinstalling your box!