Unix/Exploit-SSHIDEN

This page shows the details and results of our analysis of the malware Unix/Exploit-SSHIDEN.

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Minimum DAT

4314 (2004-01-14)

Updated DAT

4314 (2004-01-14)

Minimum Engine

5.1.00

File Length

1189

Description Added

2004-01-16

Description Modified

2004-01-16

Malware Proliferation

Characteristics

The Unix/Exploit-SSHIDEN driver is a generic detection that looks for routines frequently used in malicious files.

Malware may scan for remote systems with exploitable vulnerabilities and compromise them. A recent sample submitted to us was a 1189-byte Unix shell script that exploited SSH authorized keys.

Because the Unix/Exploit-SSHIDEN driver is generic, it may also trigger on legitimate files that resemble the Unix/Exploit-SSHIDEN trojan or one of its variants. Please submit such files for further analysis.
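Because the sample abused SSH authorized keys, the check an administrator wants is an audit of authorized_keys entries. The following is an added example, not part of this description and not the submitted script: it parses each entry, computes the OpenSSH-style SHA256 fingerprint, and flags keys that are not on an allowlist or that carry a forced command. The key blobs, the allowlist and the sample file are constructed for the demo.

```python
import base64
import hashlib
import re

# Token layout of an authorized_keys line: [options] keytype base64-blob [comment]
KEY_LINE = re.compile(
    r"^(?:(?P<opts>\S.*?)\s+)?"
    r"(?P<type>ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521)|sk-\S+)\s+"
    r"(?P<blob>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>.*))?$"
)

def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256:<unpadded base64 of sha256(blob)>."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(lines, trusted):
    """Return (line_no, reason) for every entry that needs a human look."""
    findings = []
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_LINE.match(line)
        if not m:
            findings.append((no, "unparseable entry"))
            continue
        fp = fingerprint(m["blob"])
        if fp not in trusted:
            findings.append((no, f"key not in allowlist ({fp})"))
        if m["opts"] and "command=" in m["opts"]:
            findings.append((no, "forced command set"))
    return findings

def fake_blob(key_type: str, seed: int) -> str:
    """Constructed, syntactically valid key blob for the demo (not a real key)."""
    name = key_type.encode()
    blob = len(name).to_bytes(4, "big") + name + (32).to_bytes(4, "big") + bytes([seed]) * 32
    return base64.b64encode(blob).decode()

KNOWN_ADMIN = fake_blob("ssh-ed25519", 1)  # key that operations deployed on purpose
UNKNOWN = fake_blob("ssh-ed25519", 2)      # key that appeared without a change record
TRUSTED = {fingerprint(KNOWN_ADMIN)}       # allowlist, normally from config management

SAMPLE = [  # constructed ~/.ssh/authorized_keys content
    "# managed by ops",
    f"ssh-ed25519 {KNOWN_ADMIN} admin@bastion",
    f"ssh-ed25519 {UNKNOWN} root@localhost",
    f'command="/usr/local/bin/backup",no-pty ssh-ed25519 {KNOWN_ADMIN} backup@bastion',
]

if __name__ == "__main__":
    for no, reason in audit(SAMPLE, TRUSTED):
        print(f"line {no}: {reason}")
```

Run it against the real file with `audit(open(path).read().splitlines(), trusted)`; a newly appearing key or forced command on an account is what a planted entry would look like.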

Symptoms

Method of Infection

Removal

Detection is included in the specified DAT release.

In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used.

Delete files identified by the scanner, replace them with clean ones from backup or re-install them using the original packages. Reboot the system.

Administrators should regularly check for availability of important security updates/patches.

Recommended links:

Caldera

Debian

FreeBSD

Redhat

Sun

SuSe

Variants