Re: [Rkhunter-users] Linux/Ebury
Brought to you by:
dogsbody
From: Luigi R. <li...@lu...> - 2014-03-19 06:43:14
|
Geoffrey Leach said the following on 19/03/2014 03:55: > Is there checking for the Linux/Ebury Trojan? Cf: > http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/ According to ESET report[1], this command line could reveal the infection: $ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo “System clean” || echo “System infected” [1] http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf Appendix 1, page 58 of the PDF Ciao, luigi -- / +--[Luigi Rosa]-- \ Una buona terminologia e` meta` del gioco. |