Linux/Ebury


A strain of malware that allows unauthorized access and control of an affected system. Linux/Ebury is a backdoor Trojan and credential stealer that disguises itself as a variant of OpenSSH for Linux and Unix-style operating systems.

In March 2014, software security firm ESET discovered a connection between Linux/Ebury and other malware components such as Linux/Cdorked, Win32/Glupteba.M and Perl/Calfbot. ESET uncovered the fact that all four malware strains are operated by the same group, and subsequently dubbed the malicious collection of components as Operation Windigo.
How to Identify and Clean a System Compromised by Ebury

Linux/Ebury is distributed as a modified version of OpenSSH, which is an open source alternative to Secure Shell Software (SSH). Administrators can determine if a system has been compromised by Linux/Ebury by running the following command:

ssh –g

An error about a missing argument returned by the command signifies that the system in question has been compromised by Ebury.

Systems infected by Linux/Ebury should be wiped completely clean and rebuilt from scratch. And because Ebury steals login credentials through its trojanized SSH binary, unique passwords and private keys need to be created for future access to the previously infected system in order to help prevent the server from being compromised by Ebury again.

Read Also:

  • Operation Windigo (Malware)

    A collection of malware developed to create a sophisticated network of botnets that can distribute spam, redirect Web traffic and infect users’ computers with malware, all while keeping the location of the cyber criminals perpetrating the attacks a secret. Operation Windigo is believed to have been growing behind the scenes for the past three years. […]

  • Microsoft Office on iPad

    According to recent news reports, Microsoft is planning to release a version of its Office Suite, including Word, Excel, Power Point and OneNote for Apple’s iPad mobile computing device. As noted on ComputerWorld, Microsoft will announce Office apps for iPad on March 27, 2014, during a public press conference by Microsoft CEO Satya Nadella. The […]

  • Bring Your Own Cloud (BYOC)

    A term similar to BYOD (Bring Your Own Device) in which corporate employees utilize their own personal clouds or a combination of public or private cloud services from third-party cloud providers instead of the company’s own cloud services. Bring Your Own Cloud (BYOC), or Build Your Own Cloud, provides employees with the flexibility to store […]

  • Electronic Medical Record (EMR)

    EMR is short for electronic medical record. An electronic medical record is a digital version of the paper file used in a physician’s office or clinic. The EMR contains the medical history of all patients who use the practice and is part of the internal patient record-keeping process. An EMR provides immediate access to each […]

  • AirWatch

    An enterprise mobility management (EMM) and mobile device management (MDM) provider that offers solutions for handling the management of mobile devices, applications and mobile content in the enterprise. AirWatch competes in the mobile device management market with other MDM companies such as Citrix Systems (Xenprise), Perimeter, SAP Sybase, IBM (Fiberlink), Oracle (Bitzer), Continuum and MobileIron. […]


Disclaimer: Linux/Ebury definition / meaning should not be considered complete, up to date, and is not intended to be used in place of a visit, consultation, or advice of a legal, medical, or any other professional. All content on this website is for informational purposes only.