>>>what is pan2?
>>>We just got hacked, and looking in the root's .bash_history, they
>>>downloaded pan2 from a .ro server, and it's still running. I was just
>>>wondering what that is..i can't seem to get a clear answer from google. 
>>
>>Looks like it is an NNTP program (namely a client for news servers).
> 
> Exactly! so why would they then wget pan2 from a .ro server? 
> They also installed dsniff. 

sniff the network for passwords and post them to an NNTP group?