On Fri, 21 Mar 2014, mancha wrote:

> ESET recently published an interesting post-mortem of the so-called
> "Operation Windigo" malware campaign [1].
>
> OpenSSH backdoors (codename Linux/Ebury), described by ESET last month
> [2], are a key component of Windigo's attack surface.

What is libkeyutils.so? Is it linked to by some vendor patch? AFAIK
pristine OpenSSH never links to it.

I saw a really early version of this trojan while helping with some
forensics, but it was before it started hiding itself using
libkeyutils.so...

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev