SlashDot had an article today on a Linux server malware attack,
<http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers>.

I wonder if there is a simple test to see if a CentOS machine
has been infected in this way?

The article mentions Yara and Snort rules to test for this,
but I wonder if there is something simpler?
Alternatively, are there Yara or Snort packages for CentOS?
("Yum search" didn't seem to find anything.)

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland

On 03/19/2014 08:50 AM, Timothy Murphy wrote:
> SlashDot had an article today on a Linux server malware attack,
> <http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers>.
>
> I wonder if there is a simple test to see if a CentOS machine
> has been infected in this way?
>
> The article mentions Yara and Snort rules to test for this,
> but I wonder if there is something simpler?
> Alternatively, are there Yara or Snort packages for CentOS?
> ("Yum search" didn't seem to find anything.)
>

Look at this PDF: http://bit.ly/1qCEQFi

On Wed, Mar 19, 2014 at 10:01 AM, Johnny Hughes <johnny at centos.org> wrote:
> On 03/19/2014 08:50 AM, Timothy Murphy wrote:
> > SlashDot had an article today on a Linux server malware attack,
> > <http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers>.
> >
> > I wonder if there is a simple test to see if a CentOS machine
> > has been infected in this way?
> >
> > The article mentions Yara and Snort rules to test for this,
> > but I wonder if there is something simpler?
> > Alternatively, are there Yara or Snort packages for CentOS?
> > ("Yum search" didn't seem to find anything.)
> >
> Look at this PDF:
> http://bit.ly/1qCEQFi
>

The article I read linked to a detection toolkit on GitHub.
https://github.com/eset/malware-ioc

Read this:
https://github.com/eset/malware-ioc/blob/master/windigo/README.adoc

--
---~~.~~---
Mike // SilverTip257 //