How to check if Linux Server is affected by Windigo?

Windigo-affected websites attempt to infect visiting Windows computers with malware via an exploit kit while Mac users are typically served adverts for dating sites. iPhone owners are redirected to online porn. The drive-by-download part of the operation was geared towards stealing information. Victims of Operation Windigo included web server control panel software cPanel and Kernel.org.

To find out whether your Linux server is affected by the Windigo campaign, you can run the following command. It relies on the fact that the backdoored OpenSSH client silently accepts the -G option, whereas a stock OpenSSH client of that era rejects it with an "illegal option" or "unknown option" error.

$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "This System is clean" || echo "This System is infected"

Caveat: OpenSSH 6.8 and later added a legitimate -G option, so on a current system this one-liner prints "This System is infected" for every host, clean or not. On such systems, check the OpenSSH version first (ssh -V) and rely on the script and the full report linked below rather than on this test alone.

This test was originally found in the Ars Technica article "10,000 Linux servers hit by malware serving tsunami of spam and exploits".
Alternatively, you can check your system by running this script, fetched with wget (review the script before piping it to sh):

wget -O - https://raw.githubusercontent.com/admon/scripts/master/windigo | sh
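As an added example (not code from the original post or from the linked script), here is a POSIX shell version of the -G test that also checks the OpenSSH version, because OpenSSH 6.8 and later accept -G legitimately and the one-liner above would report a clean modern host as infected. The function and variable names are my own; the sample ssh outputs used in the comments are constructed.

```shell
#!/bin/sh
# Added example: interpret the "ssh -G" Windigo/Ebury test while accounting
# for OpenSSH >= 6.8, where -G is a legitimate option.

# ssh_version_ge MAJOR MINOR VERSION_STRING
# VERSION_STRING is the output of "ssh -V", e.g. (constructed sample)
# "OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13, OpenSSL 1.0.1f 6 Jan 2014".
# Returns 0 (true) if the OpenSSH version is >= MAJOR.MINOR.
ssh_version_ge() {
    want_major=$1; want_minor=$2
    ver=$(printf '%s\n' "$3" | sed -n 's/^OpenSSH_\([0-9]*\)\.\([0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    set -- $ver
    [ "$1" -gt "$want_major" ] || { [ "$1" -eq "$want_major" ] && [ "$2" -ge "$want_minor" ]; }
}

# classify_ebury_test SSH_G_OUTPUT VERSION_STRING
# SSH_G_OUTPUT is the combined stdout/stderr of "ssh -G".
# Prints exactly one word: clean, suspicious or inconclusive.
classify_ebury_test() {
    output=$1; version=$2
    if ssh_version_ge 6 8 "$version"; then
        # A stock ssh here recognises -G as a valid option, so the absence
        # of an "illegal option" error proves nothing about the binary.
        echo inconclusive
    elif printf '%s\n' "$output" | grep -q -e illegal -e unknown; then
        # Stock OpenSSH < 6.8 rejects -G with "illegal option" / "unknown option".
        echo clean
    else
        # An old ssh that accepts -G without complaint matches the backdoor's
        # behaviour and deserves a closer look (file hashes, package verification).
        echo suspicious
    fi
}

# Run the test against the local ssh binary, if there is one.
check_local_ssh() {
    classify_ebury_test "$(ssh -G 2>&1)" "$(ssh -V 2>&1)"
}

command -v ssh >/dev/null 2>&1 && check_local_ssh
```

A result of "suspicious" is a prompt to verify the sshd/ssh package files against the distribution's package database, not a confirmed infection.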

Get more details about Windigo: http://www.admon.org/papers/operation_windigo.pdf
