
One of our servers was just infected by Trojan.Agent.Linux.A (see https://www.virustotal.com/en/file/ca22002822b27562971b1b12bfd61f2f670554ebdb0907270fda4a65f7fd2eed/analysis/1448647113/). I am planning to re-image a new server, this time using anti-virus software from the beginning. In addition, we'll take other general-purpose security precautions like doing a security review of our code and IT settings.

However, I would like to know exactly how they were able to break into my server, so that I can be sure my general-purpose precautions will prevent this specific attack from happening in the future, since we were already hit once. I searched around for advice about hardening your server to defend against this attack in particular but could not find anything.

Can anyone provide any pointers or advice?

  • Thanks Morgoroth - I am not asking "Now what?" as I know that part. What I am hoping to do is leverage someone else's investigation into this particular exploit to understand how specifically they were infected and what they did in response. Just trying to save myself some work if I can. :) Do people post such things as "I got this virus, here's exactly how, and this is what I did to harden my setup?" – David Levine Nov 27 '15 at 18:54
  • The last part of the answer that I pointed to will be the most helpful then. Basically, what logging was in place prior? Can you determine from that how the attacker loaded the file? If not, ensure in the future that the proper controls/logging are in place. – KDEx Nov 27 '15 at 19:02
  • This question is probably too general for the format of this site, David. – Neil Smithline Nov 27 '15 at 19:06

0 Answers