
SoylentNews is people

posted by Fnord666 on Friday December 14 2018, @03:48PM
from the no-honor-among-thieves dept.

https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/

ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats.

[...] Something that wasn’t originally discussed in the Operation Windigo paper, but that ESET researchers have talked about at conferences, is how those attackers try to detect other OpenSSH backdoors prior to deploying their own (Ebury). They use a Perl script they have developed that contains more than 40 signatures for different backdoors.

https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf


  • (Score: 2) by digitalaudiorock (688) on Friday December 14 2018, @09:40PM (#774566)

    What threw me about that is that the very fact that the malware got installed seems to imply that you've already been rooted, right? The manner in which that happened seems to be the big concern to me.
