About a month ago I was alerted to this by a security officer. It is a clever piece of malware: an OpenSSH backdoor and credential stealer. It is worth going and reviewing the link below, and reading the PDF at the bottom of the article.
It goes into more detail about the malware and gives a simple way to see if you are affected. The check relies on the fact that a clean ssh client rejects the -G switch as an illegal or unknown option, while the backdoored binary accepts it, so a run of ssh -G that does not complain is the indicator. I have listed the command it mentioned here for Linux. I was also asked to check Solaris machines, so I have listed the variations below (the Solaris ones use a grep that understands multiple -e patterns, which the default /usr/bin/grep on Solaris does not).
Linux
ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
Solaris 10
ssh -G 2>&1 | /usr/sfw/bin/ggrep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
Solaris 8
ssh -G 2>&1 | /usr/xpg4/bin/grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
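One caveat a practitioner needs before running the one-liners above fleet-wide: OpenSSH 6.8 and later implement -G legitimately (it prints the effective client configuration), so on a modern client the page's check reports "System infected" even on a clean host. The wrapper below is an added example, not from the original article or its PDF; it applies the same illegal/unknown test but first looks at the version string from ssh -V and reports "inconclusive" instead of "infected" when -G is a documented option. The function names, the sample version and error strings used in comments, and the SSH environment variable are my own choices.

```shell
#!/bin/sh
# Added example: the page's "ssh -G" indicator, with the OpenSSH >= 6.8
# false positive handled. Not part of the original post.

# classify_g_output VERSION_LINE OUTPUT
#   VERSION_LINE: what "ssh -V 2>&1" prints, e.g. "OpenSSH_5.3p1, OpenSSL ..."
#   OUTPUT:       what "ssh -G 2>&1" prints
# Prints one word: clean, infected or inconclusive.
classify_g_output() {
    version_line=$1
    output=$2

    # Pull "major minor" out of an OpenSSH_X.Y... banner; other clients
    # (e.g. Sun_SSH on Solaris) leave ver empty and fall through to the test.
    ver=$(printf '%s\n' "$version_line" |
          sed -n 's/^OpenSSH_\([0-9]*\)\.\([0-9]*\).*/\1 \2/p')
    set -- $ver
    major=${1:-0}
    minor=${2:-0}

    # OpenSSH 6.8 added -G as a real option, so its acceptance proves nothing.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }; then
        echo inconclusive
        return 0
    fi

    # Same test as the page: a clean client rejects -G, so the output
    # contains "illegal option" (BSD getopt, used by OpenSSH) or "unknown option".
    case $output in
        *illegal*|*unknown*) echo clean ;;
        *)                   echo infected ;;
    esac
}

# check_local_ssh: run the real client (override the path with SSH=/path/to/ssh)
check_local_ssh() {
    ssh_bin=${SSH:-ssh}
    v=$("$ssh_bin" -V 2>&1)
    g=$("$ssh_bin" -G 2>&1)
    verdict=$(classify_g_output "$v" "$g")
    echo "$ssh_bin ($v): $verdict"
    [ "$verdict" != infected ]
}

# Usage: sh thisfile.sh run   (or: SSH=/usr/local/bin/ssh sh thisfile.sh run)
case ${1:-} in
    run) check_local_ssh ;;
esac
```

An "inconclusive" result does not mean the host is clean; it means this particular indicator cannot be used there and another one from the PDF (for example, checking the package's file hashes) is needed. On Solaris, point SSH at the client you actually want to test, since more than one may be installed.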
I am always interested in your thoughts, so if you have any comments or feedback, please add them below or mail me here.