Linux Malware: Ebury [INFO]
Posted by on 31 March 2014 09:19 AM
In late 2013, security researchers identified thousands of Linux systems around the world infected with the OpenSSH backdoor trojan and credential stealer named Linux/Ebury.
Antivirus firm ESET's research team has been tracking and investigating the operation behind Linux/Ebury, and today the team has revealed the details [Report PDF] of a massive, sophisticated and organized malware campaign called 'Operation Windigo', which infected more than 500,000 computers and 25,000 dedicated servers.
+++++++++++++++++++++++++++++++++++++++++++++++++
How to check if you have been compromised
If you run only the 'ssh -G' command, a clean server prints 'ssh: illegal option -- G', while an infected server prints only the usage text. Administrators can use the following UNIX/Linux command to check:
$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
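An added example (not from the original article or from ESET) that hardens the one-liner above: that command also prints "System infected" when ssh is not installed, or when the client is OpenSSH 6.8 or later, where -G is a genuine option. The function names, verdict labels and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: verdicts are clean | suspect | inconclusive.

# classify_ssh_g OUTPUT BANNER
#   OUTPUT: combined stdout/stderr of `ssh -G`
#   BANNER: output of `ssh -V`, e.g. "OpenSSH_5.3p1, OpenSSL ..."
classify_ssh_g() {
    out=$1
    banner=$2
    # Option rejected: what the article describes for a clean client.
    case $out in
        *"illegal option"*|*"unknown option"*) echo clean; return 0 ;;
    esac
    # No usage text either (ssh missing, wrapper script, empty output).
    case $out in
        *[Uu]sage:*) ;;
        *) echo inconclusive; return 0 ;;
    esac
    # Usage without a rejection. OpenSSH 6.8 and later ship a genuine -G
    # option, so on those versions this output proves nothing.
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || { echo inconclusive; return 0; }
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }; then
        echo inconclusive
    else
        echo suspect
    fi
}

# Run the article's probe against the local client and classify it.
check_local_ssh() {
    command -v ssh >/dev/null 2>&1 || { echo inconclusive; return 0; }
    classify_ssh_g "$(ssh -G 2>&1)" "$(ssh -V 2>&1)"
}

# Constructed sample outputs and banners (not captured from real hosts).
REJECTED='ssh: illegal option -- G
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] ...'
USAGE_ONLY='usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] ...'
OLD_BANNER='OpenSSH_5.3p1, OpenSSL (constructed)'
NEW_BANNER='OpenSSH_8.9p1, OpenSSL (constructed)'

echo "old client, option rejected: $(classify_ssh_g "$REJECTED" "$OLD_BANNER")"
echo "old client, usage only:      $(classify_ssh_g "$USAGE_ONLY" "$OLD_BANNER")"
echo "new client, usage only:      $(classify_ssh_g "$USAGE_ONLY" "$NEW_BANNER")"
if [ "${1:-}" = "--local" ]; then echo "this host: $(check_local_ssh)"; fi
```

Run the script with `--local` to probe this host's own client. An `inconclusive` verdict means the `-G` test cannot decide on that client and another scanning method is needed.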
If your system or server was also compromised in the same campaign, it is recommended to reinstall the system or reset all passwords and private OpenSSH keys.
**For Linux platforms running the WHM cPanel control panel:
For a detailed guide on scanning, you may refer to this cPanel Guide KB.
+++++++++++++++++++++++++++++++++++++++++++++++++
For more information, you may refer to this link.
Information from CERT.