[CentOS] Linux malware attack

Wed Mar 19 14:07:26 UTC 2014
Johnny Hughes <johnny at centos.org>

On 03/19/2014 09:01 AM, Johnny Hughes wrote:
> On 03/19/2014 08:50 AM, Timothy Murphy wrote:
>> SlashDot had an article today on a Linux server malware attack,
>> <http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers>.
>>
>> I wonder if there is a simple test to see if a CentOS machine
>> has been infected in this way?
>>
>> The article mentions Yara and Snort rules to test for this,
>> but I wonder if there is something simpler?
>> Alternatively, are there Yara or Snort packages for CentOS?
>> ("Yum search" didn't seem to find anything.)
>>
>>
>>
> Look at this PDF:
>
> http://bit.ly/1qCEQFi
>

Specifically:

1. ssh -G

and

a couple of curl commands to check for a website issues .. in the
section on IOC starting on page 57.

Also, here is a git repo if/when the writers start changing the items:

https://github.com/eset/malware-ioc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20140319/ee84be27/attachment-0005.sig>