“Operation Windigo” Attack Infects 10,000 Unix Servers!!

Posted: Wed Mar 19, 2014 10:26 am
by Gilgamesh777
Linux servers occupy the largest share of this market, which means that they are the most prone to attacks from hackers and other malevolent cyber-criminals. ESET researchers and a few other agencies have shown that Unix servers have been used to spread malware and send spam emails. Complete story here: http://news.softpedia.com/news/quot-Operation-Windigo-quot-Attack-Infects-10-000-Unix-Servers-Millions-of-PCs-at-Risk-432920.shtml

More details are here: http://blog.eset.ie/2014/03/18/operation-windigo-malware-used-to-attack-over-500000-computers-daily-after-25000-unix-servers-hijacked-by-backdoor-trojan/

and here http://thehackernews.com/2014/03/operation-windigo-linux-malware.html

Re: “Operation Windigo” Attack Infects 10,000 Unix Servers!!

Posted: Wed Mar 19, 2014 4:48 pm
by Xanayoshi
"How to Check, if you have been compromised? If you use only 'ssh -G' command, a clean server will print: 'ssh: illegal option -- G', but an infected server will only print the usage.

Administrators can use the following UNIX/Linux command to check:

$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"

If your system or server was also compromised in the same campaign, it's recommended to re-install the system or re-set all passwords and private OpenSSH keys."

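The `ssh -G` check quoted above, as an added example that is not part of the original posts or the quoted article: it also looks at the `ssh -V` banner, because OpenSSH 6.8 and later accept `-G` as a real option and print only the usage text when no host is given, which the one-liner would report as infected. The function name `classify_ssh_g` is hypothetical and the sample banners and outputs are constructed.

```shell
#!/bin/sh
# classify_ssh_g BANNER G_OUTPUT  ->  prints clean | suspect | inconclusive
#   BANNER   : output of `ssh -V 2>&1`
#   G_OUTPUT : output of `ssh -G 2>&1`
# The banner comes from the binary under test, so treat the result as a
# triage hint and confirm against package checksums or a trusted copy.
classify_ssh_g() {
    banner=$1
    out=$2
    # Pull "major minor" out of e.g. "OpenSSH_5.3p1, OpenSSL 1.0.1e-fips"
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    if [ -z "$ver" ]; then
        echo inconclusive          # not an OpenSSH banner we can parse
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    # From OpenSSH 6.8 on, -G is a real option, so "usage only" proves nothing.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }; then
        echo inconclusive
        return 0
    fi
    # Older client: same test as the quoted one-liner.
    if printf '%s\n' "$out" | grep -q -e illegal -e unknown; then
        echo clean                 # -G rejected, as an unmodified old client does
    elif printf '%s\n' "$out" | grep -qi 'usage:'; then
        echo suspect               # usage printed without the option error
    else
        echo inconclusive
    fi
}

# Constructed sample inputs (not captured from real hosts).
OLD_BANNER='OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013'
NEW_BANNER='OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022'
OLD_CLEAN_OUT='ssh: illegal option -- G
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [user@]hostname'
OLD_SUSPECT_OUT='usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [user@]hostname'
NEW_OUT='usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] destination'

echo "old client, option rejected: $(classify_ssh_g "$OLD_BANNER" "$OLD_CLEAN_OUT")"
echo "old client, usage only:      $(classify_ssh_g "$OLD_BANNER" "$OLD_SUSPECT_OUT")"
echo "6.8+ client, usage only:     $(classify_ssh_g "$NEW_BANNER" "$NEW_OUT")"
```

On a live host the two arguments would be `"$(ssh -V 2>&1)"` and `"$(ssh -G 2>&1)"`.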