On 03/19/2014 09:01 AM, Johnny Hughes wrote:
> On 03/19/2014 08:50 AM, Timothy Murphy wrote:
>> SlashDot had an article today on a Linux server malware attack,
>> <http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers>.
>>
>> I wonder if there is a simple test to see if a CentOS machine
>> has been infected in this way?
>>
>> The article mentions Yara and Snort rules to test for this,
>> but I wonder if there is something simpler?
>> Alternatively, are there Yara or Snort packages for CentOS?
>> ("Yum search" didn't seem to find anything.)
>>
>
> Look at this PDF:
>
> http://bit.ly/1qCEQFi
>

Specifically:

1. ssh -G and a couple of curl commands to check for website issues

.. in the section on IOC starting on page 57.

Also, here is a git repo if/when the writers start changing the items:

https://github.com/eset/malware-ioc