Ebury Linux Trojan

Post by mike acker

Headlines on ZDNet this morning:
Botnet of thousands of Linux servers pumps Windows desktop malware onto web
I tried to find out more about this "Ebury" critter:

What is Ebury

How does Ebury spread?

There was this:
Functionalities

The backdoor is activated by sending specially-crafted data inside of the SSH client protocol version identification string. Here is what the SSH specification has to say about protocol version identification.
What is "SSH" anyway?
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).[1] The protocol specification distinguishes between two major versions that are referred to as SSH-1 and SSH-2.
~~
This appears to be a PRIME EXAMPLE of injecting malware into a program that has root control privilege.

I'm only going to say this once: if you want to use something that has root access, you do it in the datacenter. There have been just too many hacks accomplished by various remote support tools. If you have to make an emergency change from your laptop, write an e-mail and send it to the Linux admin in the datacenter using PGP email.

I DO NOT regard this as a software defect; rather it is an administrative error.

Bear in mind I'm just an ORF*. So~~ do as you please; don't mind me.
~~
*ORF = Old Retired _Fellow_
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
¡Viva la Resistencia!
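
The activation channel quoted in the post above is the SSH client protocol version identification string. The Python below is an added example, not part of the original post or of any project's code: it checks client identification lines against the RFC 4253 section 4.2 format and flags lines that carry an opaque hex blob where a software name is expected. The 16-character hex threshold, the finding names and the sample lines are assumptions constructed for illustration, not a documented Ebury signature.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF",
# at most 255 characters including CR LF. protoversion and softwareversion are
# printable US-ASCII with no whitespace and no minus sign.
IDENT_RE = re.compile(r"SSH-([!-,.-~]+)-([!-,.-~]+)(?: ([ -~]*))?")
MAX_IDENT_LEN = 255
# Assumed heuristic (not a documented Ebury signature): a softwareversion made
# only of 16 or more hex digits looks like encoded data, not a product name.
OPAQUE_HEX_RE = re.compile(r"[0-9a-fA-F]{16,}")


def check_client_ident(raw: bytes) -> list:
    """Return the list of findings for one client identification line."""
    findings = []
    if len(raw) > MAX_IDENT_LEN:
        findings.append("too-long")
    if not raw.endswith(b"\r\n"):
        findings.append("missing-crlf")
    try:
        text = raw.rstrip(b"\r\n").decode("ascii")
    except UnicodeDecodeError:
        return findings + ["non-ascii"]
    m = IDENT_RE.fullmatch(text)
    if m is None:
        return findings + ["malformed"]
    proto, software = m.group(1), m.group(2)
    if proto != "2.0":
        findings.append("unexpected-protoversion")
    if OPAQUE_HEX_RE.fullmatch(software):
        findings.append("opaque-hex-softwareversion")
    return findings


# Constructed sample lines, as a server or network sensor might record them.
SAMPLES = [
    b"SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13\r\n",
    b"SSH-2.0-PuTTY_Release_0.80\r\n",
    b"SSH-2.0-0123456789abcdef0123456789abcdef\r\n",
    b"SSH-2.0-" + b"x" * 300 + b"\r\n",
    b"SSH-1.5-OldClient\n",
    b"GET / HTTP/1.1\r\n",
]


def scan(samples):
    """Map each sample that produced findings to its findings list."""
    return {s: f for s in samples if (f := check_client_ident(s))}


if __name__ == "__main__":
    for raw, findings in scan(SAMPLES).items():
        print(findings, raw[:60])
```

A hit from the hex heuristic is a lead for review rather than proof of compromise, since a legitimate client could in principle advertise a hex-only version token.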