Linux Malware: Ebury [INFO]
Posted on 31 March 2014 09:19 AM
 
In late 2013, security researchers identified thousands of Linux systems around the world infected with an OpenSSH backdoor trojan and credential stealer named Linux/Ebury.
Antivirus firm ESET's research team has been tracking and investigating the operation behind Linux/Ebury, and today the team revealed the details [Report PDF] of a massive, sophisticated and organized malware campaign called 'Operation Windigo', which infected more than 500,000 computers and 25,000 dedicated servers.
 
+++++++++++++++++++++++++++++++++++++++++++++++++
 
How to check if you have been compromised

If you run the 'ssh -G' command on its own, a clean server will print 'ssh: illegal option -- G', but an infected server will print only the usage. Administrators can use the following UNIX/Linux command to check:
$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
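
An added example (not part of the original post or of ESET's report): the one-liner above assumes a client that rejects -G. OpenSSH 6.8 and later implement -G as a legitimate option, so on those versions a clean host also prints only the usage and the probe cannot decide. The function names and the clean/suspect/inconclusive labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# classify_ssh_g OUTPUT VERSION -> prints clean | suspect | inconclusive
#   OUTPUT  : combined stdout/stderr of `ssh -G`
#   VERSION : output of `ssh -V`, e.g. "OpenSSH_5.3p1, OpenSSL ..."
classify_ssh_g() {
    out=$1
    ver=$2

    # Same patterns as the one-liner: the client rejected -G.
    if printf '%s\n' "$out" | grep -q -e illegal -e unknown; then
        echo clean
        return 0
    fi

    # Extract "major minor" from the version banner.
    num=$(printf '%s\n' "$ver" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    if [ -z "$num" ]; then
        echo inconclusive      # unrecognised client, probe cannot be read
        return 0
    fi
    major=${num% *}
    minor=${num#* }

    # OpenSSH 6.8+ accepts -G itself, so "usage only" proves nothing.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }; then
        echo inconclusive
        return 0
    fi

    # Older client that accepted -G without complaint: the condition the
    # one-liner reports as "System infected".
    echo suspect
}

# Probe the local client (ssh writes both outputs to stderr).
check_local_ssh() {
    classify_ssh_g "$(ssh -G 2>&1)" "$(ssh -V 2>&1)"
}
```

Run check_local_ssh on the host being examined; an "inconclusive" result means this probe cannot answer the question there, and the scanning guides referenced in this post should be used instead.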
 
If your system or server was compromised in this campaign, it is recommended to re-install the system or re-set all passwords and private OpenSSH keys.
 
For Linux platforms running the WHM cPanel control panel:
For a detailed guide on scanning, you may refer to this cPanel Guide KB.
 
+++++++++++++++++++++++++++++++++++++++++++++++++
 
 
For more information, you may refer to this link.
 
Information from CERT.
 
 
