ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release an analysis of 21 malware families to improve the prevention, detection and remediation of such threats.

[...] Something that wasn’t originally discussed in the Operation Windigo paper, but that ESET researchers have talked about at conferences, is how those attackers try to detect other OpenSSH backdoors prior to deploying their own (Ebury). They use a Perl script they have developed that contains more than 40 signatures for different backdoors.