Ebury Linux Trojan


Post by mike acker on Thu Mar 20, 2014 8:49 am

headlines on ZD Net this morning
Botnet of thousands of Linux servers pumps Windows desktop malware onto web

I tried to find out more about this "Ebury" critter:

What is Ebury

how does ebury spread?

there was this:

The backdoor is activated by sending specially-crafted data inside of the SSH client protocol version identification string. Here is what the SSH specification has to say about protocol version identification.

what is "SSH" anyway

Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).[1] The protocol specification distinguishes between two major versions that are referred to as SSH-1 and SSH-2.

This appears to be a PRIME EXAMPLE of injecting malware into a program that has root control privilege.

I'm only going to say this once: if you want to use something that has root access you do it in the datacenter. There have been just too many hacks accomplished by various remote support tools. If you have to make an emergency change from your laptop, write an e-mail and send it to the Linux admin in the datacenter using PGP email.

I DO NOT regard this as a software defect; rather it is an administrative error.

bear in mind I'm just an ORF* . So~~ do as you please; don't mind me.
*ORF = Old Retired _Fellow_
Home assembled box using ASUS M5A88-M motherboard and x64 AMD Phenom II X4 3.4GHz cpu; 4x4MB DDR3 RAM LMDE2/MINT Betsy Vers. 2.4.8 Kernel 3.16-0-4-AMD64
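
The identification string mentioned in the quote in the post above has a fixed format in RFC 4253 section 4.2 (`SSH-protoversion-softwareversion SP comments CR LF`, at most 255 characters including the CR LF), so a defender can parse what clients send and flag lines that do not look like an ordinary client banner. The Python below is an added example, not part of the original post or of any published Ebury analysis; the function name, the finding labels, the sample lines and the hex-run heuristic with its 16-character threshold are assumptions made for illustration.

```python
import re

MAX_LEN = 255  # RFC 4253 section 4.2: the limit includes the trailing CR LF
# protoversion and softwareversion: printable US-ASCII except whitespace and '-'
TOKEN = rb"[\x21-\x2c\x2e-\x7e]+"
IDENT_RE = re.compile(rb"SSH-(" + TOKEN + rb")-(" + TOKEN + rb")(?: ([\x20-\x7e]*))?")
# Assumed heuristic: a software version that is nothing but a long hex run
# looks like encoded data rather than a product name.
HEX_BLOB = re.compile(rb"[0-9a-fA-F]{16,}")


def check_ident(line: bytes) -> list:
    """Return findings for one client identification line (empty list = clean)."""
    findings = []
    if len(line) > MAX_LEN:
        findings.append("too-long")
    if not line.endswith(b"\r\n"):
        findings.append("no-crlf")
    match = IDENT_RE.fullmatch(line.rstrip(b"\r\n"))
    if match is None:
        findings.append("malformed")
        return findings
    proto, software, _comment = match.groups()
    if proto != b"2.0":
        findings.append("unexpected-protoversion")
    if HEX_BLOB.fullmatch(software):
        findings.append("opaque-softwareversion")
    return findings


# Constructed sample lines, not captured traffic.
SAMPLES = [
    b"SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2\r\n",
    b"SSH-2.0-PuTTY_Release_0.63\r\n",
    b"SSH-2.0-0123456789abcdef0123456789abcdef\r\n",
    b"SSH-1.5-OldClient_1.2\r\n",
    b"SSH-2.0-" + b"x" * 300 + b"\r\n",
    b"GET / HTTP/1.1\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:48], check_ident(sample))
```

A finding here only means the line deviates from the RFC format or from a typical client banner; it is a prompt to look closer at the connecting host, not proof of compromise.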