On 03/19/2014 12:11 PM, SilverTip257 wrote:
> On Wed, Mar 19, 2014 at 10:01 AM, Johnny Hughes <johnny at centos.org> wrote:
>
>> On 03/19/2014 08:50 AM, Timothy Murphy wrote:
>>> SlashDot had an article today on a Linux server malware attack,
>>> <http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers>.
>>>
>>> I wonder if there is a simple test to see if a CentOS machine
>>> has been infected in this way?
>>>
>>> The article mentions Yara and Snort rules to test for this,
>>> but I wonder if there is something simpler?
>>> Alternatively, are there Yara or Snort packages for CentOS?
>>> ("Yum search" didn't seem to find anything.)
>>>
>> Look at this PDF:
>>
>> http://bit.ly/1qCEQFi
>>
> The article I read, linked to a detection toolkit on GitHub.
> https://github.com/eset/malware-ioc
>
> Read this:
> https://github.com/eset/malware-ioc/blob/master/windigo/README.adoc
>

I didn't see anything about how the machines got infected. Did I miss something?

Thanks,

-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com