I'm reading up on SuckIt like crazy...
The problem is - it was created as a white paper initially - to show the capability for a self-patching kernel. The original source code didn't include a vector - so there's no specific info about how the sucker gets deployed. Each hacker writes their own variant.
I've gone over my firewall, etc. There are a few other reports online of users with up-to-date systems getting hit - and no commentary about how...
I was running:
Apache
MySQL
PHP-Nuke
Coppermine
Subversion
Samba
Xvnc
I'm looking into each of these to verify that I had the latest patches installed in each. I'm not willing to repair this machine and put it back into service only to have the same thing happen again... so what I'm struggling with right now is exactly the question you raised - how did this happen and how do I prevent it.
If you read up on what SuckIt does - it logs all passwords entered at a command prompt and sends them back to papa. I've also got to go and change a number of passwords in different places that I'd shared with the account I used on this machine...
-Pete