Linux/Ebury

A strain of malware that allows unauthorized access and control of an affected system. Linux/Ebury is a backdoor Trojan and credential stealer that disguises itself as a variant of OpenSSH for Linux and Unix-style operating systems.

In March 2014, software security firm ESET discovered a connection between Linux/Ebury and other malware components such as Linux/Cdorked, Win32/Glupteba.M and Perl/Calfbot. ESET uncovered the fact that all four malware strains are operated by the same group, and subsequently dubbed the malicious collection of components as Operation Windigo.

How to Identify and Clean a System Compromised by Ebury

Linux/Ebury is distributed as a modified version of OpenSSH, which is an open source alternative to Secure Shell Software (SSH). Administrators can determine if a system has been compromised by Linux/Ebury by running the following command:

ssh g

An error about a missing argument returned by the command signifies that the system in question has been compromised by Ebury.

Systems infected by Linux/Ebury should be wiped completely clean and rebuilt from scratch. And because Ebury steals login credentials through its trojanized SSH binary, unique passwords and private keys need to be created for future access to the previously infected system in order to help prevent the server from being compromised by Ebury again.

Forrest Stroud
Forrest is an experienced, entrepreneurial and well-rounded professional with 15+ years covering technology, business software, website design, programming and more.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

Indicators of Compromise

When a system administrator finds anomalous or malicious behavior within network...

Disk Drive

A disk drive is a device that allows a computer to read from...

Firewall as a Service...

For the cloud-first organization, Firewall as a Service (FWaaS) brings all...