Linux/XOR.DDoS
Have you ever wondered why your box(es) are using so much bandwidth? Check this out.
Some malware has been spreading. Because of its origin, some of us call it China ELF. I've found this on about three or four boxes. Some of them, mostly on Digital Ocean, have been suspended or had networking disabled for their own good. But some providers don't do that. You're on your own. One of my friends was even charged about 50 dollars for exceeding bandwidth usage. In only two days! :))
Check this superuser thread for how to clean it. Anyone who is interested in how it gets in and its characteristics can read more in this in-depth analysis on Malware Must Die! and the Avast! blog.
P.S.:
Don't forget, some time ago, we had the Bill Gates trojan too.
How do they get onto your box(es)? Most of the time, it is caused by a weak root password. Don't use dictionary passwords like secret (and its variants in other languages), localhost, opensesame, vendetta and so on.
Better still, you can disable the password authentication method, use public keys, and even disable root if necessary.
If you've made sure that your password is good, check your installed apps and do some Googling or code checking. They may have vulnerabilities.
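To check whether a box actually follows the SSH advice above, here is an added example (not from the original post) that audits sshd_config text for password authentication, root login and public key settings. The sample configs are constructed, the function names are hypothetical, and the defaults assume OpenSSH 7.0 or later; Include files and Match blocks are not evaluated.

```python
# Added example: audit sshd_config text for the settings named in the post.
# Assumed OpenSSH (7.0+) defaults, used when a keyword is absent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Global settings as sshd reads them: the FIRST value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if key == "match":
            break  # conditional section starts; only the global part is audited
        seen.setdefault(key, value)  # later duplicates are ignored, as in sshd
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def audit(config_text):
    """Return a list of findings; an empty list means the advice is applied."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is on: passwords can be guessed")
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: direct root login is allowed")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: no key-based login")
    return findings

# Constructed samples. In WEAK, the appended "no" has no effect because the
# earlier "yes" is read first.
WEAK = """Port 22
PermitRootLogin yes
PasswordAuthentication yes
# appended later by an admin
PasswordAuthentication no
"""
HARDENED = "PasswordAuthentication no\nPermitRootLogin no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "ok")
```

On a live system, the output of `sshd -T` is the authoritative view of the effective configuration.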
Quoted from Malware Must Die!:
Semper legerent "Salve Regina" ante venatione malware
















