On 03/19/2014 01:35 PM, Mike McCarthy wrote:
> Linux server attacks are nothing new. 14 years ago I was installing a
> server, Red Hat 7 I think, and in the hour or so after I installed it to
> the time I applied the patches it was infected with an Apache SSL trojan.
>
> Years ago I moved sshd off port 22, disabled password logins and use
> certificates after noticing my logs filling up with numerous daily
> attempts at hacking into sshd.
>
> Mike
>
> On 03/19/2014 12:11 PM, SilverTip257 wrote:
>> On Wed, Mar 19, 2014 at 10:01 AM, Johnny Hughes <johnny at centos.org> wrote:
>>
>>> On 03/19/2014 08:50 AM, Timothy Murphy wrote:
>>>> SlashDot had an article today on a Linux server malware attack,
>>>> <http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers>.
>>>>
>>>> I wonder if there is a simple test to see if a CentOS machine
>>>> has been infected in this way?
>>>>
>>>> The article mentions Yara and Snort rules to test for this,
>>>> but I wonder if there is something simpler?
>>>> Alternatively, are there Yara or Snort packages for CentOS?
>>>> ("Yum search" didn't seem to find anything.)
>>>>
>>> Look at this PDF:
>>>
>>> http://bit.ly/1qCEQFi
>>>
>> The article I read linked to a detection toolkit on GitHub.
>> https://github.com/eset/malware-ioc
>>
>> Read this:
>> https://github.com/eset/malware-ioc/blob/master/windigo/README.adoc
>>

An even more compelling question: does this only affect servers, or will it also infect desktops as well? (Running CentOS as a desktop but have never ssh'd anything from or to it... have a standard type of setup with a wireless router connected to my DSL/cable line...)

EGO II