Signature Detail

Short Name	TROJAN:EBURY-SSH-BACKDOOR
Severity	Critical
Recommended	Yes
Recommended Action	Drop
Category	TROJAN
Keywords	Linux/Ebury Trojan
Release Date	2014/03/25
Update Number	2357
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

TROJAN: Linux/Ebury SSH Backdoor Connection Attempt

This signature detects a Linux/Ebury operator attempting to connect to a trojaned ssh process. The source IP is part of a reverse-proxy network that hides the operator's true source address. The destination IP is suspected of being infected with Linux/Ebury and should be investigated.

References

URL: https://www.cert-bund.de/ebury-faq

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

TROJAN: Linux/Ebury SSH Backdoor Connection Attempt

References