I run red hat linux for friends use, it is a ftp server with port 21,22,443, 80 open,I only have few accounts, last sunday, I find a new account mbit is created, then antivirus check and found a lot of malware, I didn't download movie torrent, in etc/passwd, account mbit is there.
correct one...