[CentOS] Linux malware attack

Wed Mar 19 17:35:25 UTC 2014
Mike McCarthy <sysop at w1nr.net>

Linux server attacks are nothing new. 14 years ago I was installing a
server, Red Hat 7 I think, and in the hour or so after I installed it to
the time I applied the patches it was infected with an Apache ssl trojan.

Years ago I moved sshd off port 22, disabled password logins and use
certificates after noticing my logs filling up with numerous daily
attempts at hacking into sshd.

Mike

On 03/19/2014 12:11 PM, SilverTip257 wrote:
> On Wed, Mar 19, 2014 at 10:01 AM, Johnny Hughes <johnny at centos.org> wrote:
>
>> On 03/19/2014 08:50 AM, Timothy Murphy wrote:
>>> SlashDot had an article today on a Linux server malware attack,
>>> <
>> http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers
>>> .
>>>
>>> I wonder if there is a simple test to see if a CentOS machine
>>> has been infected in this way?
>>>
>>> The article mentions Yara and Snort rules to test for this,
>>> but I wonder if there is something simpler?
>>> Alternatively, are there Yara or Snort packages for CentOS?
>>> ("Yum search" didn't seem to find anything.)
>>>
>>>
>>>
>> Look at this PDF:
>>
>> http://bit.ly/1qCEQFi
>>
>>
> The article I read, linked to a detection toolkit on GitHub.
> https://github.com/eset/malware-ioc
>
> Read this:
> https://github.com/eset/malware-ioc/blob/master/windigo/README.adoc
>
>