Operation Windigo - Linux ssh exploit and botnet
Here's an unpleasant start to your morning: confirmation of a long-running OpenSSH exploit [PDF] that has led to an extensive botnet pumping out spam, viruses, malware, and of course links to redirect farms. Symantec provides some analysis here. "Operation Windigo", as it's called, has been alive since 2011, stealing SSH credentials on Windows, Linux, and BSD systems, and it has hit a couple of well-known companies, including cPanel and the Linux Foundation.
Check your system in the time it takes for your morning coffee to cool, with this command to see if you've been affected:
    ssh -G 2>&1 | grep -e illegal -e unknown >/dev/null && echo "System clean" || echo "System infected"

Uninfected systems return an "illegal option" or "unknown option" error for the -G flag, followed by the usage message, whereas infected systems return only the usage message.
If your system doesn't come up clean, you are probably one of an estimated 25,000 compromised servers currently sending out over 35 million pieces of spam.
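As an added example that is not part of the original post: the one-liner above factored into shell functions whose decision logic can be exercised on captured output, plus a version guard. It rests on one assumption the post does not state but which holds for OpenSSH releases after the report: OpenSSH 6.8 and later accept -G as a legitimate option (it prints the effective client configuration), so on those versions a silently accepted -G proves nothing and the heuristic must not be used. The function names and the sample strings are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Windigo "ssh -G" heuristic,
# split into testable pieces. Assumption: OpenSSH >= 6.8 treats -G as a real
# option, so the check below is only meaningful on older clients.

# classify_ssh_g_output TEXT
# TEXT is the combined stdout/stderr of `ssh -G`. Prints "clean" when the
# client rejected the option (the behaviour of an unmodified pre-6.8 OpenSSH),
# "suspect" when it printed only the usage text, as the report describes for
# the trojanised binary.
classify_ssh_g_output() {
    if printf '%s\n' "$1" | grep -q -e illegal -e unknown; then
        echo clean
    else
        echo suspect
    fi
}

# ssh_supports_G VERSION_STRING
# VERSION_STRING is the output of `ssh -V`, for example
# "OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13, OpenSSL 1.0.1f 6 Jan 2014".
# Returns 0 (true) when the client is 6.8 or newer, i.e. -G is a documented
# option and the heuristic above does not apply.
ssh_supports_G() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9]*\)\.\([0-9]*\).*/\1 \2/p')
    if [ -z "$ver" ]; then return 1; fi
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -gt 6 ]; then return 0; fi
    if [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; then return 0; fi
    return 1
}

# windigo_check: run the heuristic against the ssh client on this host,
# refusing to give a verdict when the client version makes it meaningless.
windigo_check() {
    version=$(ssh -V 2>&1)
    if ssh_supports_G "$version"; then
        echo "ssh -G is a legitimate option on this client ($version); heuristic not applicable"
        return 2
    fi
    classify_ssh_g_output "$(ssh -G 2>&1)"
}

# Only touch the real ssh binary when explicitly asked: sh windigo_check.sh --run
case "${1:-}" in
    --run) windigo_check ;;
esac
```

Run it with `--run` on a host you want to inspect; without the argument it only defines the functions, so the classifier can be fed captured output from other machines. A "suspect" result is a prompt to compare the ssh binary against the distribution package, not proof of compromise on its own.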
I suppose I could just Google it, but fostering discussion and all that.