全球主机交流论坛 (Global Hosting Discussion Forum)

Title: Hostigation emailed me saying I've got the Ebury Trojan?

Author: jiangxinyu226    Time: 2014-3-21 11:10
Hostigation received third party information that your VPS may be compromised with the Ebury Trojan. The Ebury trojan steals SSH login credentials from incoming and outgoing SSH connections and forwards them to a dropzone server in specially crafted DNS packets. The trojan is normally found in a binary directory on Unix-based systems in one of the following locations:

/usr/bin/ssh
/usr/bin/sshd
/usr/bin/ssh-add

According to the data we received, your VPS was sending harvested SSH credentials to a dropzone server. The only guaranteed way to remove this trojan is to reinstall your VPS. If your VPS is OpenVZ, we can provide you with a small amount of backup space so you may retrieve critical files once your VPS is reinstalled. Due to the nature of this trojan, any infected KVM VPS will have to be reinstalled completely from scratch.

For more information on Ebury, please see https://www.cert-bund.de/ebury-faq

The information we received about your VPS was provided by US-CERT; we have no additional information as to how you may have been exploited.

Jakob McCann
Hostigation.com
Like us on FB https://www.FB.com/hostigation.hosting
Follow on Twitter @hostigation
Author: Hostigation    Time: 2014-3-21 11:11
https://www.cert-bund.de/ebury-faq
https://www.hkcert.org/my_url/zh/blog/13031201?nid=208144

The details are in the links above.
The recommendation is to reinstall the VPS.
Author: 气味    Time: 2014-3-21 22:17
I can't understand this.
Author: 风之翼灵    Time: 2014-3-21 22:33
Hostigation posted on 2014-3-21 11:11
https://www.cert-bund.de/ebury-faq
https://www.hkcert.org/my_url/zh/blog/13031201?nid=208144

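Are all of your host nodes infected?

I was also told mine was infected; today they had me reinstall the system.
Author: sunday    Time: 2014-3-22 01:54
Indeed, several of my friend's Hostigation machines were flagged for this too. They run wdcp. Nothing has turned up so far on VPSes at other providers. I wonder whether one infected VPS at Hostigation caused other users to get infected as well.
Author: Hostigation    Time: 2014-3-23 17:32
sunday posted on 2014-3-22 01:54
Indeed, several of my friend's Hostigation machines were flagged for this too. They run wdcp. Nothing has turned up so far on VPSes at other providers. I wonder whether hostgati ...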

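To clarify, the host nodes are not infected~ If the host nodes had been infected, everyone would have had to reformat long ago.
Author: box    Time: 2014-3-23 21:52
I also wiped mine voluntarily. Haven't had time to restore it yet.
Author: sunday    Time: 2014-3-24 00:01
Hostigation posted on 2014-3-23 17:32
To clarify, the host nodes are not infected~ If the host nodes had been infected, everyone would have had to reformat long ago.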

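Yeah, my friend is already backing up data and reinstalling the system.

I hope Hostigation can provide some information on how this trojan typically infects a VPS.
Author: Captain    Time: 2014-3-24 00:39
Following this.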



