Ebury Linux Trojan

Chat about Linux in general
User avatar
mike acker
Level 6
Level 6
Posts: 1284
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Ebury Linux Trojan

Postby mike acker » Thu Mar 20, 2014 8:49 am

headlines on ZD Net this morning
Botnet of thousands of Linux servers pumps Windows desktop malware onto web

I tried to find out more about this "Ebury" critter:

What is Ebury

how does ebury spread?

there was this:

The backdoor is activated by sending specially-crafted data inside of the SSH client protocol version identification string. Here is what the SSH specification has to say about protocol version identification.

what is "SSH" anyway

Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).[1] The protocol specification distinguishes between two major versions that are referred to as SSH-1 and SSH-2.

This appears to be a PRIME EXAMPLE of injecting malware into a program that has root control privilege.

I'm only going to say this once: if you want to use something that has root access you do it in the datacenter. there have been just too many hacks accomplished by various remote support tools. if you have to make an emergency change from your lap-top write an e/mail and send it to the Linux admin in the datacenter using PGP email.

I DO NOT regard this as a software defect; rather it is an administrative error.

bear in mind I'm just an ORF* . So~~ do as you please; don't mind me.
*ORF = Old Retired _Fellow_
My Computer: IBM 360/50 c. 1975
¡Viva la Resistencia!

Return to “Chat about Linux”