Archive | Februar, 2014

Howto detect Ebury SSH Backdoor

Die folgende Yara Signatur kann für die Erkennung der Ebury SSH Backdoor verwendet werden. rule Ebury_SSHD_Malware_Linux { meta: description = "Ebury Malware" author = "Florian Roth" hash = "4a332ea231df95ba813a5914660979a2" strings: $s0 = "keyctl_set_reqkey_keyring" fullword $s1 = "recursive_session_key_scan" fullword $s2 = "keyctl_session_to_parent" fullword $s3 = "keyctl_assume_authority" fullword $s4 = "keyctl_get_security_alloc" fullword $s5 = "keyctl_instantiate_iov" fullword $s6 […]

Leave a comment Continue Reading →