Check if Your Linux Server is Affected by Windigo

To find out if your Linux server is affected by the Windigo campaign, you can run the following command.

$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"

This was originally found in the Ars Technica article "10,000 Linux servers hit by malware serving tsunami of spam and exploits".

Alternatively, you can check your system by running this script via wget.

wget -O - https://techish.net/pub/windigo | sh
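
The `ssh -G` one-liner above reports any client that accepts `-G` as infected, but OpenSSH 6.8 and later implement `-G` themselves (it prints the resolved client configuration), so on current systems the result has to be read together with the client version. The following script is an added example, not part of the original post or the Ars Technica article; the function names `classify_ssh_g` and `check_local_ssh` and all sample strings are constructed for illustration, and a `suspect` result means the host needs further investigation, not that compromise is confirmed.

```shell
#!/bin/sh
# Added example: classify the result of the `ssh -G` check, taking the client
# version into account. All sample strings below are constructed.

# classify_ssh_g VERSION_BANNER G_OUTPUT  ->  prints clean | suspect | inconclusive
classify_ssh_g() {
    banner=$1
    output=$2

    # A client that rejects -G ("illegal option" / "unknown option") is what
    # the one-liner above reports as "System clean".
    if printf '%s\n' "$output" | grep -q -e illegal -e unknown; then
        echo clean
        return 0
    fi

    # Pull major and minor out of a banner such as "OpenSSH_7.4p1, OpenSSL ...".
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    if [ -z "$ver" ]; then
        echo inconclusive      # unparseable banner: do not guess
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }

    # OpenSSH 6.8+ has a legitimate -G, so an accepted -G proves nothing there.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }; then
        echo inconclusive
    else
        echo suspect
    fi
}

# Run the check against the local client (requires ssh on PATH).
check_local_ssh() {
    classify_ssh_g "$(ssh -V 2>&1)" "$(ssh -G 2>&1)"
}

# Constructed samples: old clean client, old client accepting -G, modern client.
classify_ssh_g "OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013" "ssh: illegal option -- G"
classify_ssh_g "OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013" "usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address]"
classify_ssh_g "OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022" "usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]"
```

Call `check_local_ssh` to classify the host the script runs on; the version banner comes from the same binary being tested, so an `inconclusive` or `clean` result is not proof of integrity on its own.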
