:: [devuan-dev] bug#858: bug#858: Dete…
Top Page
Delete this message
Reply to this message
Author: tempforever
Date:  
To: 858
Subject: [devuan-dev] bug#858: bug#858: Detection of ebury malware in debuan system
FYI the "ssh -G" is listed on this page
https://github.com/eset/malware-ioc/tree/master/windigo

The section is "Linux/Ebury v1.4 and earlier" with a couple of notices. 
One notice is that Ebury v1.4 is no longer deployed and most of the
indicators below no longer work.  Another notice is that this technique
only works with OpenSSH 6.7 or earlier.  OpenSSH 6.8 adds a legitimate
usage for the -G flag.  This is even shown in the first line of the output:
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
There are other detection methods listed for newer versions of OpenSSH.