Wednesday, February 20, 2013

Linux/CentOS SSHd Spam Exploit — libkeyutils.so.1.9 - sample


Someone shared a sample of the Linux rootkit affecting servers running CloudLinux, CentOS & cPanel.

Here are the links:

Download
Sample credit: anonymous

Automatic scans

https://www.virustotal.com/en/file/afbef5352942dde22e5cfa802c057917fccb17623f3e8ead165fd17371d851f3/analysis/


SHA256: afbef5352942dde22e5cfa802c057917fccb17623f3e8ead165fd17371d851f3
SHA1: 471ee431030332dd636b8af24a428556ee72df37
MD5: ecea5cc15532ffac4b8159bf860c63c1
File size: 27.7 KB ( 28352 bytes )
First seen by VirusTotal: 2013-02-19 14:14:30 UTC ( 1 day, 7 hours ago )
Last seen by VirusTotal: 2013-02-20 18:03:38 UTC ( 3 hours, 57 minutes ago )
File names (max. 25)
  1. vti-rescan
  2. libkeyutils.so.1.9

File type: ELF
Detection ratio: 3 / 46
Analysis date: 2013-02-20 18:03:38 UTC
AVG: Patched_c.NCO (20130220)
DrWeb: Linux.Sshdkit.1 (20130220)
ESET-NOD32: Linux/SSHDoor.B (20130220)

1 comment:

  1. From the moment I installed it, to the very end, I waited. I waited for the crashes, for the unexplainable errors, for the lack of features or difficulty to adapt. It never came. I waited for major roadblocks, for one program or function that was absolutely necessary, that would make me crawl back to Windows... but it never came.
    Linux VPN