Ebury, a new SSH trojan
by Steinar H. Gunderson
November 15, 2011
https://plog.sesse.net/blog/tech/2011-11-15-21-44_ebury_a_new_ssh_trojan.html

| Notes |
|---|
| SSH |
| trojan |
| Ebury |
| replaces /usr/sbin/sshd, /usr/bin/ssh, /usr/bin/ssh-add with trojanized binaries |
| .list files added to fool debsums |
| Linux malware |
| libwrap |
| libselinux |
| hosts.deny |
| credential harvester |
| ipcs command |
| DNS |
| DNS exfiltration |
| backdoors for logging in without passwords |
| SSH brute forcing |
| password lists |
| auth.log |
| shared memory |
| multiarchitecture malware |