Displaying 2 results from an estimated 2 matches for "windigo".
2014 Mar 21
1
windigo post-mortem
ESET recently published an interesting post-mortem of the so-called
"Operation Windigo" malware campaign [1].
OpenSSH backdoors (codename Linux/Ebury), described by ESET last month
[2], are a key component of Windigo's attack surface.
--mancha
[1] http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
[2] http://www.welivesecurity.com/2014/02/21/an...
2014 Mar 19
2
Linux malware attack
Slashdot had an article today on a Linux server malware attack,
<http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers>.
I wonder if there is a simple test to see if a CentOS machine
has been infected in this way?
The article mentions Yara and Snort rules to test for this,
but I wonder if there is something simpler?
Alternatively, are there Yara or