[CentOS] Linux malware attack

Wed Mar 19 17:39:27 UTC 2014
EGO.II-1 <eoconnor25 at gmail.com>

On 03/19/2014 01:35 PM, Mike McCarthy wrote:
> Linux server attacks are nothing new. 14 years ago I was installing a
> server, Red Hat 7 I think, and in the hour or so after I installed it to
> the time I applied the patches it was infected with an Apache ssl trojan.
>
> Years ago I moved sshd off port 22, disabled password logins and use
> certificates after noticing my logs filling up with numerous daily
> attempts at hacking into sshd.
>
> Mike
>
> On 03/19/2014 12:11 PM, SilverTip257 wrote:
>> On Wed, Mar 19, 2014 at 10:01 AM, Johnny Hughes <johnny at centos.org> wrote:
>>
>>> On 03/19/2014 08:50 AM, Timothy Murphy wrote:
>>>> SlashDot had an article today on a Linux server malware attack,
>>>> <http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers>.
>>>>
>>>> I wonder if there is a simple test to see if a CentOS machine
>>>> has been infected in this way?
>>>>
>>>> The article mentions Yara and Snort rules to test for this,
>>>> but I wonder if there is something simpler?
>>>> Alternatively, are there Yara or Snort packages for CentOS?
>>>> ("Yum search" didn't seem to find anything.)
>>>>
>>>>
>>>>
>>> Look at this PDF:
>>>
>>> http://bit.ly/1qCEQFi
>>>
>>>
>> The article I read linked to a detection toolkit on GitHub.
>> https://github.com/eset/malware-ioc
>>
>> Read this:
>> https://github.com/eset/malware-ioc/blob/master/windigo/README.adoc
>>
>>
An even more compelling question: does this only affect servers, or will
it also infect desktops as well? (Running CentOS as a desktop but have
never ssh'd anything from or to it... have a standard type of setup with
a wireless router connected to my DSL/cable line...)


EGO II