yes
looking at the code it has a full, threaded server
the code is huge (has zlib and glibc included) and the coding style is all over the place (Get_File_Size, updatesrv, MySend etc; granted some could be from zlib)
there are syn and dns flood functions, a GetRandFileName function and a million more
my novice guess is it's a cross platform botnet
bdw
ht, F6->elf/image if you want to check it out
funny that it makes slackware rc files (BSD style init)
edit:to add
as written in the link metaschima posted, to quote "(But I get infected after a while again, which I have not solved yet) "
if that happens, you can use audit (from SBo) to find out what brought the files back
to do this goes something like this:
auditd
auditctl -w /path/to/dir
#to add the directory to watch
then when the files are created
ausearch -f /foo/bar/file_created
#to find out what process created it
this uses the kernel audit framework
if it isn't in the log then the file was created before the daemon started
to remove a watch use auditctl -W /path/to/dir
more on
http://security.blogoverflow.com/201...ion-to-auditd/