A month ago, ESET published a technical analysis on Linux/Ebury. This malware is a clever OpenSSH backdoor and credential stealer. Since last year, ESET’s research team has been investigating the operation behind Linux/Ebury. We discovered an infrastructure used for malicious activities that is all hosted on compromised servers. We were also able to find a link between different malicious components such as Linux/Cdorked, Perl/Calfbot and Win32/Glupteba.M and realized they are all operated by the same group.
Operation Windigo – the vivisection of a large Linux server-side credential-stealing malware campaign