I caught a hacker midway through a break-in on my computer. He somehow gained root access and replaced some system files with his own (ls, ps, chsh, netstat, yppoll). Because I cut his connection midway through, I got the code he was using before it erased itself (it was called the megalight-rootkit). I will e-mail a gzipped tar file, which includes the /var/messages file which shows his ftp break-in, along with the system files he replaced and the rootkit directory, to bugzilla.
Created attachment 7569: tgz file contains megalight-rootkit, /var/messages documenting break-in, replaced system files
Known and fixed wu-ftpd problem, it appears.