
I had been noticing strange behavior and logs on my Ubuntu machine.

I recently installed Ubuntu from a USB. I set the installation to write over blank space, and used LVM/LUKS encryption. I set up UFW to default deny all incoming and allow all outgoing. I also allowed incoming 443/tcp and 80/tcp.

The first thing I did was install chkrootkit.

It reported that I had a possible infection of Linux/Ebury Windigo. I looked it up and read its history here -> http://www.webopedia.com/TERM/O/operation-windigo.html

Can anyone explain how an installation from a checksummed Ubuntu 16.04 ISO can result in instant rootkit infection? Do I have a hidden partition on my drive? Has my BIOS been compromised? I did notice the system time was changed in the OS AND BIOS, which led to this reinstallation.

0 Answers