The Ebury Trojan is a threat crafted specifically to target the OpenSSH application. It does so by applying a patch designed to alter the settings and behavior of the application. This is a strategy commonly used by backdoor Trojans similar to Ebury. The difference in this case is that Ebury targets Linux systems only.
The end goal of the Ebury backdoor Trojan is to compromise the targeted host and then collect sensitive information such as usernames and passwords. All the gathered data is then swiftly transferred to the C&C (Command & Control) servers of Ebury's operators. The creators of this nasty threat have used some interesting methods of collecting data. Ebury is capable of detecting failed login attempts, and it also records them: all failed tries are marked as unsuccessful attempts on the attackers' C&C. In addition to login credentials, Ebury collects private keys, passphrases, and OpenSSH keys. Apart from gathering data, the operators of Ebury can also view information about the version of the deployed Trojan.
The Ebury backdoor Trojan is a very clever threat that manages to abuse a genuine application without ever needing to find a vulnerability in it. If your anti-malware application spots the presence of the Ebury backdoor Trojan on your system, it is advisable to resolve the issue as soon as possible. Use your anti-virus tool to remove Ebury from your computer and then uninstall the OpenSSH software from your system. You can then perform a new, clean installation of the application to make sure no traces of the Ebury Trojan are left. Change all your passwords, as the Ebury backdoor Trojan might have acquired your old ones.