contagio: Linux/CentOS SSHd Spam Exploit — libkeyutils.so.1.9

Wednesday, February 20, 2013

Linux/CentOS SSHd Spam Exploit — libkeyutils.so.1.9 - sample

Someone shared a sample of the Linux rootkit affecting servers running CloudLinux, CentOS & cPanel.

Here are the links:

Download

Download. Email me if you need the password

Sample credit: anonymous

Automatic scans

https://www.virustotal.com/en/file/afbef5352942dde22e5cfa802c057917fccb17623f3e8ead165fd17371d851f3/analysis/

SHA256: afbef5352942dde22e5cfa802c057917fccb17623f3e8ead165fd17371d851f3
SHA1: 471ee431030332dd636b8af24a428556ee72df37
MD5: ecea5cc15532ffac4b8159bf860c63c1
File size: 27.7 KB ( 28352 bytes )

First seen by VirusTotal

2013-02-19 14:14:30 UTC ( 1 day, 7 hours ago )

Last seen by VirusTotal

2013-02-20 18:03:38 UTC ( 3 hours, 57 minutes ago )

File names (max. 25)

vti-rescan
libkeyutils.so.1.9

File type: ELF
Detection ratio: 3 / 46
Analysis date: 2013-02-20 18:03:38 UTC
AVG Patched_c.NCO 20130220
DrWeb Linux.Sshdkit.1 20130220
ESET-NOD32 Linux/SSHDoor.B 20130220

1 comment:

Alan WadeFebruary 21, 2013 at 12:59 AM
From the moment I installed it, to the very end, I waited. I waited for the crashes, for the unexplainable errors, for the lack of features or difficulty to adapt. It never came. I waited for major road blocks, for one program or function that was absolutely necessary, that would make me crawl back to Windows...but it never came.
Linux VPN
ReplyDelete
Replies

Add comment

Pages