FYI: If you're worried, Phalanx2 is easily detectable with utilities available for download such as chkrootkit
. If they're not on your Linux box - they should be.
rkhunter can be found at http://www.rootkit.n.../rootkit_hunter.html
chkrootkit can be found at www.chkrootkit.org
<<Edit-added this>> An argument can (and has) been made that this problem is largely the fault of Sysadmins getting sloppy with the use of SSH (i.e. accessing root with weak or passphraseless keys), or their using weak passphrases when SSH keys are being generated. While this may be true, I think the Linux community would be doing itself a major disservice to accept that argument.
One rule I learned when I was taking a system design course was this:
always has to be done a certain way, then it shouldn't be necessary for somebody
to do it at all. Automate it."
So if the obvious security problems are caused by people making mistakes, add in procedures and code to not allow them to make those mistakes. Or at least make it a lot more difficult to do so.