[CentOS] Linux malware attack

Wed Mar 19 16:11:01 UTC 2014
SilverTip257 <silvertip257 at gmail.com>

On Wed, Mar 19, 2014 at 10:01 AM, Johnny Hughes <johnny at centos.org> wrote:

> On 03/19/2014 08:50 AM, Timothy Murphy wrote:
> > SlashDot had an article today on a Linux server malware attack,
> > <http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers>.
> >
> > I wonder if there is a simple test to see if a CentOS machine
> > has been infected in this way?
> >
> > The article mentions Yara and Snort rules to test for this,
> > but I wonder if there is something simpler?
> > Alternatively, are there Yara or Snort packages for CentOS?
> > ("Yum search" didn't seem to find anything.)
> >
> >
> >
>
> Look at this PDF:
>
> http://bit.ly/1qCEQFi
>
>
The article I read linked to a detection toolkit on GitHub.
https://github.com/eset/malware-ioc

Read this:
https://github.com/eset/malware-ioc/blob/master/windigo/README.adoc


-- 
---~~.~~---
Mike
//  SilverTip257  //