detecting Linux.Ekoms.1
The big news is Linux.Ekoms.1, a piece of malware for Linux that has been found in the wild and is designed to take screenshots every 30 seconds.
For more information see this link:
http://vms.drweb.com/virus/?i=7924647
To assist in detection and cleaning, I wrote a quick script to test for the malware's existence and notify you.
You can run the script like this:
bash <(curl -s bman.io/i/detect_ekoms)
The code is as follows:
#!/bin/bash
# Quick and dirty check for ekoms existence. - bman@bman.io
check_ekoms() {
    # Look for the autostart entry. The path is tested literally, as written:
    # the shell does not expand %exename%.
    if [ -e "$HOME/.config/autostart/%exename%.desktop" ]; then
        echo 'Possible infection found. You should run a full scan of all disk partitions.
To clean, you can download a free trial of Dr.Web Anti-virus for Linux here:
http://products.drweb.com/linux/?lng=en'; exit 1;
    else
        echo "Linux.Ekoms.1 not found. System clean."; exit 0;
    fi
}
check_ekoms;
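The path in the script above contains %exename%, which reads as a placeholder for whatever the dropped executable is called, so a test for that exact file name can miss a real entry. As an added example (not the original author's script), the following lists every entry in the autostart directory and flags those whose Exec= target runs from a hidden path under the home directory or from a world-writable directory. The function names, the two heuristics and the sample files are assumptions made for illustration, and a flagged entry is a prompt for manual review, not proof of infection.

```bash
#!/bin/bash
# Added example, not the original author's script: review XDG autostart entries.

# Print the command from the first Exec= line of a .desktop file.
desktop_exec() {
    sed -n 's/^Exec[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Print why an entry ($1) under home directory ($2) deserves a manual look, or nothing.
entry_reason() {
    local cmd bin
    cmd=$(desktop_exec "$1")
    if [ -z "$cmd" ]; then echo "no Exec line"; return 0; fi
    # First word of the command with quotes stripped (heuristic, not a full parser).
    bin=$(printf '%s\n' "$cmd" | tr -d "\"'" | awk '{print $1}')
    case "$bin" in
        "$2"/.*|"$2"/*/.*) echo "runs from a hidden path under home: $bin" ;;
        /tmp/*|/var/tmp/*|/dev/shm/*) echo "runs from a world-writable directory: $bin" ;;
    esac
}

# Report every autostart entry under home directory $1; return 1 if any is flagged.
audit_autostart() {
    local f reason flagged=0
    for f in "$1"/.config/autostart/*.desktop; do
        [ -e "$f" ] || continue            # glob matched nothing
        reason=$(entry_reason "$f" "$1")
        if [ -n "$reason" ]; then
            echo "REVIEW $f: $reason"; flagged=1
        else
            echo "ok     $f"
        fi
    done
    return "$flagged"
}

# Constructed sample home directory (file and program names are made up).
make_sample_home() {
    local d
    d=$(mktemp -d) && mkdir -p "$d/.config/autostart"
    printf '[Desktop Entry]\nType=Application\nExec=/usr/bin/nm-applet\n' \
        > "$d/.config/autostart/network.desktop"
    printf '[Desktop Entry]\nType=Application\nExec="%s/.cache/.upd/helper" --quiet\n' "$d" \
        > "$d/.config/autostart/helper.desktop"
    echo "$d"
}

# Pass a home directory as the first argument to audit it, e.g.: ./audit.sh "$HOME"
[ $# -eq 0 ] || audit_autostart "$1"
```

Legitimate software also starts from paths such as ~/.local, so expect some flagged entries on a clean desktop and compare each one against what you installed.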