uf..great...
was that ever addressed by CWP team, or?
This most likely won't be something addressed by CWP, at least the removal of the trojan itself. I do hope the CWP team has identified and fixed the exploit which allowed this trojan to be installed. Most likely Ebury was injected into CWP hosts via a CWP vulnerability over the years. Come to find out my system has Ebury installed, and most likely has been like that for years undetected.
Malicious DLLs were found in the following locations,
- /usr/lib64/libkeyutils.so.1.5
- /usr/lib64/libkeystats.so
With a (duplicated) running process of,
- /usr/lib/systemd/systemd-udevd
With an open UNIX socket at,