
Here is a link that will kinda scare you
http://www.techspot.com/news/56064-operation-windigo-botnet-has-infected-250...
-- GG

Here is the query:

    SELECT p.firstname AS 'First Name',
           p.lastname AS 'Last Name',
           p.nationality AS Country,
           p.workaddress AS Organization,
           CASE p.gender WHEN 1 THEN 'Male' WHEN 0 THEN 'Female' END AS Gender,
           CONCAT_WS('/', `day`, `month`, `year`) AS 'Date of Birth',
           p.email AS 'Email Address',
           p.mobile AS 'Mobile Number',
           p.passport AS 'Passport Number / ID',
           e.highest_qualification AS 'Highest Qualification',
           e.graduation_year AS 'Graduation Year',
           w.role AS Role,
           w.role_details AS 'Role Details',
           w.years_professional_experience AS 'Total Years of Professional Experience',
           w.number_of_years_in_org AS 'Years in Organization',
           w.individuals_supervised AS 'Employees Supervised',
           w.years_current_position AS 'Years in Current Position',
           w.sponsoring_organisation AS 'Sponsoring Organization',
           w.sponsoring_organisation_details AS 'Sponsoring Organization Details',
           w.sector AS 'Sector',
           CONCAT_WS('\n ', s.`statement_one`, s.`statement_two`, s.`statement_three`) AS 'Quality Statement'
    FROM `profiles` p
    JOIN `educations` e ON p.user_id = e.user_id
    JOIN works w ON p.user_id = w.user_id
    JOIN `statements` s ON p.user_id = s.user_id

On Fri, Mar 21, 2014 at 11:55 AM, geoffrey gitagia <ggitagia@gmail.com> wrote:
> Here is a link that will kinda scare you
> http://www.techspot.com/news/56064-operation-windigo-botnet-has-infected-250...
> -- GG
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

Sorry guys for the message above.. Surely it's a Friday and I need to get off this desk...

On Fri, Mar 21, 2014 at 11:55 AM, geoffrey gitagia <ggitagia@gmail.com> wrote:
> Here is a link that will kinda scare you
> http://www.techspot.com/news/56064-operation-windigo-botnet-has-infected-250...
> -- GG

Interesting ..

*ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"*

What's the -G option for? On my ssh version it's not there.

On Fri, Mar 21, 2014 at 12:54 PM, Ken Muturi <muturiken@gmail.com> wrote:
> Sorry guys for the message above.. Surely it's a Friday and I need to get off this desk...
-- Kind regards, Brian Linux registered user: . #565878

On 21 March 2014 14:02, Brian Echesa <bechesa@gmail.com> wrote:
> Interesting ..
> *ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"*
>
> What's the -G option for? On my ssh version it's not there.

same as "-g".

Kind Regards,
Wilson./

The question that is not answered is what a user should do if they are compromised.

On Fri, Mar 21, 2014 at 2:29 PM, Thuo Wilson <lixton@gmail.com> wrote:
> On 21 March 2014 14:02, Brian Echesa <bechesa@gmail.com> wrote:
>> Interesting ..
>> *ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"*
>>
>> What's the -G option for? On my ssh version it's not there.
>
> same as "-g".
>
> Kind Regards,
> Wilson./
-- Regards Brian Ngure

<quote>
It's strongly recommended that operating systems of infected machines be completely reinstalled.
</quote>

On Fri, Mar 21, 2014 at 2:33 PM, Brian Ngure <brian@pixie.co.ke> wrote:
> The question that is not answered is what a user should do if they are compromised.

Don't think this works. Just tried on a freshly installed system (installed yesterday). With a capital G it shows system clean, with a small g it shows system infected.

On Fri, Mar 21, 2014 at 2:41 PM, Kiti Chigiri <kiti.chigiri@gmail.com> wrote:
> <quote>
> It's strongly recommended that operating systems of infected machines be completely reinstalled.
> </quote>
-- Regards Brian Ngure

Which version of ssh are you using?

#ssh -V

On Fri, Mar 21, 2014 at 3:00 PM, Brian Ngure <brian@pixie.co.ke> wrote:
> Don't think this works. Just tried on a freshly installed system (installed yesterday). With a capital G it shows system clean, with a small g it shows system infected.
-- Kind regards, Brian Linux registered user: . #565878

Don't have access to the machine now but it is running Fedora 20

On Fri, Mar 21, 2014 at 3:08 PM, Brian Echesa <bechesa@gmail.com> wrote:
> Which version of ssh are you using?
>
> #ssh -V
-- Regards Brian Ngure

Also getting the same issue as Brian on Fedora 20

[alex@alex ~]$ ssh -g 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
System infected
[alex@alex ~]$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
System clean
[alex@alex ~]$ uname -r
3.13.6-200.fc20.x86_64
[alex@alex ~]$ ssh -V
OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Regards,
Alex

On Fri, Mar 21, 2014 at 4:54 PM, Brian Ngure <brian@pixie.co.ke> wrote:
> Don't have access to the machine now but it is running Fedora 20

Run ssh with options -g and -G separately, then you will know why it's saying "System infected" and "System clean".

For ssh -G it returns "ssh: illegal option -- G". grep searches for the pattern ("Illegal" or unknown) and echoes "System clean" if found, so it means if your ssh supports the -G option you are infected :) backdoor ??

For ssh -g 2>&1 it returns system infected because the pattern cannot be found.

On Fri, Mar 21, 2014 at 7:01 PM, Alex Ngatia <alex.ngatia@gmail.com> wrote:
> Also getting the same issue as Brian on Fedora 20
>
> [alex@alex ~]$ ssh -g 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
> System infected
> [alex@alex ~]$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
> System clean
> [alex@alex ~]$ uname -r
> 3.13.6-200.fc20.x86_64
> [alex@alex ~]$ ssh -V
> OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
>
> Regards,
> Alex

% man virus
No manual entry for virus
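
Added example, not part of the original thread: the one-liner's decision logic as a shell function run on captured output, showing why -g (a documented option on every version) is not a valid test and why acceptance of -G proves nothing on OpenSSH 6.8 and later, where -G is a regular option that prints the client configuration. Function names and sample outputs are constructed for illustration; the 6.4p1 banner is the one posted in the thread.

```shell
#!/bin/sh
# Added example: decision logic for the `ssh -G` check from the thread.

# Print "MAJOR MINOR" parsed from an `ssh -V` banner; nothing if unparseable.
openssh_major_minor() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# classify_check OPTION BANNER OUTPUT
#   OPTION: option passed to ssh, BANNER: text of `ssh -V 2>&1`,
#   OUTPUT: text of `ssh OPTION 2>&1`
classify_check() {
    opt=$1 banner=$2 output=$3
    # Only -G is an indicator. -g is a valid option, so ssh never rejects it.
    if [ "$opt" != "-G" ]; then
        echo "Invalid test"
        return 0
    fi
    # Same match as the one-liner: the option parser complained about -G.
    # This only means that this one indicator is absent.
    if printf '%s\n' "$output" | grep -q -e illegal -e unknown; then
        echo "System clean"
        return 0
    fi
    # -G was accepted. From OpenSSH 6.8 on that is normal behaviour.
    set -- $(openssh_major_minor "$banner")
    if [ $# -ne 2 ]; then
        echo "Inconclusive"          # could not read the version
    elif [ "$1" -gt 6 ] || { [ "$1" -eq 6 ] && [ "$2" -ge 8 ]; }; then
        echo "Inconclusive"          # -G is a native option here
    else
        echo "System infected"       # pre-6.8 client accepted -G
    fi
}

# Run the check against the ssh client on PATH (call it by hand).
check_local_ssh() {
    command -v ssh >/dev/null 2>&1 || { echo "ssh not found"; return 0; }
    classify_check -G "$(ssh -V 2>&1)" "$(ssh -G 2>&1)"
}

# Sample inputs. BANNER_OLD is from the thread, the rest is constructed.
BANNER_OLD='OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013'
BANNER_NEW='OpenSSH_8.9p1, OpenSSL 3.0.2 15 Mar 2022'
USAGE='usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [user@]hostname [command]'
REJECTED="ssh: illegal option -- G
$USAGE"

echo "6.4, -G rejected: $(classify_check -G "$BANNER_OLD" "$REJECTED")"
echo "6.4, -G accepted: $(classify_check -G "$BANNER_OLD" "$USAGE")"
echo "8.9, -G accepted: $(classify_check -G "$BANNER_NEW" "$USAGE")"
echo "6.4, -g tested:   $(classify_check -g "$BANNER_OLD" "$USAGE")"
```
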
Participants (8):
- Alex Ngatia
- Brian Echesa
- Brian Ngure
- geoffrey gitagia
- Ken Muturi
- Kiti Chigiri
- Patrick Kariuki
- Thuo Wilson