Watchbog - Check your Linux servers

Daruk

So Watchbog is doing the rounds - it's not new, but it has a new component that scans the LAN for insecure Windows boxes as well. It's likely the attackers are preparing to launch a knock-on attack on Windows boxes - possibly ransomware - in future. I found it on one of my client's servers recently. Basically it exploits unpatched software to elevate permissions - incredibly easy actually.

Quick way to see if it's on your box:
Code:
sudo find / -name "watchbog"
A nice TL;DR on how to deal with it here:
 
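Added example, not part of the original post: the name-based `find` check above made case-insensitive and extended to cron files, with a ROOT argument so it can also be pointed at a mounted disk image. The function names, the `--scan` switch and the list of cron locations are assumptions of this example; the only indicator used is the name `watchbog` from the post.

```shell
#!/bin/sh
# Added example (not from the original post). The only indicator used is the
# name "watchbog"; the cron locations below are standard Linux paths that this
# example assumes are worth checking for references to it.

# Files or directories under ROOT whose name contains PATTERN, any case.
# proc and sys are pruned because they are virtual filesystems.
find_named() {  # usage: find_named ROOT PATTERN
    root=${1%/}
    find "${root:-/}" \( -path "$root/proc" -o -path "$root/sys" \) -prune \
        -o -iname "*$2*" -print 2>/dev/null || true
}

# Cron files under ROOT whose text mentions PATTERN, any case.
find_cron_refs() {  # usage: find_cron_refs ROOT PATTERN
    root=${1%/}
    for d in etc/crontab etc/cron.d etc/cron.hourly etc/cron.daily var/spool/cron; do
        if [ -e "$root/$d" ]; then
            grep -rIil -- "$2" "$root/$d" 2>/dev/null || true
        fi
    done
}

# Print both result sets; return 1 if anything matched, 0 if clean.
report() {  # usage: report ROOT PATTERN
    named=$(find_named "$1" "$2")
    cron=$(find_cron_refs "$1" "$2")
    [ -z "$named" ] || printf 'Name matches:\n%s\n' "$named"
    [ -z "$cron" ] || printf 'Cron references:\n%s\n' "$cron"
    [ -z "$named$cron" ]
}

# Run as: sudo sh check.sh --scan [ROOT]
if [ "${1:-}" = "--scan" ]; then
    report "${2:-/}" watchbog
fi
```

A non-zero exit status from `--scan` means at least one name or cron match was printed; a clean result only says the name was not found, not that the host is unaffected.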