Ubuntu 10.10 sshd contains "YOU WANNA SMOKE A SPLIFF" and pot leaf ASCII art. Does this mean I've been hacked?
My sshd binary on an Ubuntu 10.10 machine contains the following ASCII artwork:
ng: %.100sToo many lines in environment file %sUser %.100s not allowed because %s exists YOU WANNA .
SMOKE M A SPLIFF ?
dM
ROLL ME MMr %d TIMES
4MMML .
MMMMM. xf
. MMMMM .MM-
Mh.. MMMMMM .MMMM
.MMM. .MMMMML. MMMMMh
)MMMh. MMMMMM MMMMMMM
3MMMMx. MMMMMMf xnMMMMMM
'*MMMMM MMMMMM. nMMMMMMP
*MMMMMx MMMMM .MMMMMMM=
*MMMMMh MMMMM JMMMMMMP
MMMMMM 3MMMM. dMMMMMM .
MMMMMM MMMM .MMMMM .nnMP
.. *MMMMx MMM dMMMM .nnMMMMM*
MMn... 'MMMMr 'MM MMM .nMMMMMMM*
4MMMMnn.. *MMM MM MMP .dMMMMMMM
MMMMMMMx. *ML M .M* .MMMMMM**
*PMMMMMMhn. *x > M .MMMM**
**MMMMhx/.h/ .=*
.3P %....
nP *MMnx
I'm assuming that this means that my machine has been hacked. Can anyone confirm this? I can't imagine this being a valid file.
Compare
    grep usr/sbin/sshd /var/lib/dpkg/info/openssh-server.md5sums
to
    md5sum /usr/sbin/sshd
When they come up with different md5sums, you are no longer using the packaged version. If they are the same, it doesn't mean anything definitive, since anyone who is able to modify your sshd binary obviously has privileges to alter the md5sum recorded in /var/lib/dpkg/info. The next step would be to download the package with the same version from http://packages.ubuntu.com/openssh-server to a trusted computer and check the md5sum there.
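
The two-stage check described in the answer above, as an added example that is not part of the original post: it compares a file against the on-host dpkg record and against a record taken from a package fetched on a trusted machine. The function names, the temporary files and their contents are constructed for illustration; only the md5sums line format ("<md5>  <path without leading slash>") comes from dpkg.

```shell
#!/bin/sh
# Added example: functions and fixture files below are hypothetical.

# Print the md5 recorded for REL_PATH in a dpkg-style md5sums LIST (empty if absent).
recorded_md5() {  # recorded_md5 LIST REL_PATH
    awk -v p="$2" '$2 == p { print $1; exit }' "$1"
}

# Print MATCH, MISMATCH or NOT_LISTED for FILE against LIST.
check_file() {  # check_file FILE LIST REL_PATH
    want=$(recorded_md5 "$2" "$3")
    if [ -z "$want" ]; then echo NOT_LISTED; return 0; fi
    have=$(md5sum "$1" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then echo MATCH; else echo MISMATCH; fi
}

# Combine the on-host record with the record from a trusted copy of the package.
# The trusted result decides; the local result only adds detail.
verdict() {  # verdict FILE LOCAL_LIST TRUSTED_LIST REL_PATH
    l=$(check_file "$1" "$2" "$4")
    t=$(check_file "$1" "$3" "$4")
    case "$t:$l" in
        MATCH:*)        echo "matches trusted package" ;;
        MISMATCH:MATCH) echo "modified, and local dpkg record altered to match" ;;
        MISMATCH:*)     echo "modified" ;;
        *)              echo "inconclusive: not in trusted list" ;;
    esac
}

# Constructed fixture: a stand-in "packaged" binary, a replaced one, and two
# md5sums lists (one as shipped, one rewritten to match the replacement).
demo_dir=$(mktemp -d)
printf 'original sshd bytes\n' > "$demo_dir/sshd.orig"
printf 'replaced sshd bytes\n' > "$demo_dir/sshd.bad"
orig_sum=$(md5sum "$demo_dir/sshd.orig" | awk '{ print $1 }')
bad_sum=$(md5sum "$demo_dir/sshd.bad" | awk '{ print $1 }')
printf '%s  usr/sbin/sshd\n' "$orig_sum" > "$demo_dir/trusted.md5sums"
printf '%s  usr/sbin/sshd\n' "$bad_sum" > "$demo_dir/tampered.md5sums"

# The local check alone reports MATCH for the replaced file; the trusted list exposes it.
check_file "$demo_dir/sshd.bad" "$demo_dir/tampered.md5sums" usr/sbin/sshd
verdict "$demo_dir/sshd.bad" "$demo_dir/tampered.md5sums" "$demo_dir/trusted.md5sums" usr/sbin/sshd
```

On a real host FILE would be /usr/sbin/sshd, LOCAL_LIST the file under /var/lib/dpkg/info, and TRUSTED_LIST the md5sums file taken from the package downloaded on the trusted computer.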