:: [devuan-dev] bug#858: bug#858: Dete…
Author: tempforever
Date:  
To: 858
Subject: [devuan-dev] bug#858: bug#858: Detection of ebury malware in debuan system
FYI the "ssh -G" is listed on this page
https://github.com/eset/malware-ioc/tree/master/windigo

The section is "Linux/Ebury v1.4 and earlier" with a couple of notices. 
One notice is that Ebury v1.4 is no longer deployed and most of the
indicators below no longer work.  Another notice is that this technique
only works with OpenSSH 6.7 or earlier.  OpenSSH 6.8 adds a legitimate
usage for the -G flag.  This is even shown in the first line of the output:
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
There are other detection methods listed for newer versions of OpenSSH.
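
Added example, not part of the original message or of ESET's published checks: a POSIX shell sketch that only interprets the "ssh -G" result when the client is OpenSSH 6.7 or earlier, so a 6.8+ client printing plain usage is reported as not applicable instead of as a hit. The function names, result words and sample banners are constructed for illustration, and it assumes a clean pre-6.8 client rejects -G with an "illegal option" or "unknown option" message.

```shell
#!/bin/sh
# Added example: gate the legacy "ssh -G" indicator on the OpenSSH version.

# Print "MAJOR MINOR" parsed from an `ssh -V` banner, or nothing if unparsable.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# 0: indicator applies (OpenSSH 6.7 or earlier); 1: 6.8 or later; 2: unparsable.
ssh_g_test_applies() {
    set -- $(openssh_version "$1")
    [ $# -eq 2 ] || return 2
    if [ "$1" -lt 6 ] || { [ "$1" -eq 6 ] && [ "$2" -le 7 ]; }; then
        return 0
    fi
    return 1
}

# classify_ssh_g BANNER OUTPUT -> one word on stdout.
# Assumption: a clean pre-6.8 client rejects -G with "illegal option"
# or "unknown option"; absence of both is treated as the indicator.
classify_ssh_g() {
    banner=$1
    output=$2
    rc=0
    ssh_g_test_applies "$banner" || rc=$?
    case $rc in
        1) echo "not-applicable"; return 0 ;;
        2) echo "unknown-version"; return 0 ;;
    esac
    if printf '%s\n' "$output" | grep -q -e illegal -e unknown; then
        echo "no-indicator"
    else
        echo "indicator-present"
    fi
}

# Run against the local client (hypothetical helper; call it by hand).
check_local_ssh() {
    classify_ssh_g "$(ssh -V 2>&1)" "$(ssh -G 2>&1)"
}

# Constructed samples: a 6.7 client that rejects -G, and a newer client
# that prints plain usage because -G is a legitimate option there.
classify_ssh_g 'OpenSSH_6.7p1' 'ssh: illegal option -- G'
classify_ssh_g 'OpenSSH_7.4p1' 'usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]'
```

A "not-applicable" result says nothing about the host either way; it only means this particular indicator cannot be used on that OpenSSH version.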