We were notified this morning of the specifics of the attack that struck Hetzner at the start of this year. Or rather, the backdoor software that was used to provide access to the machines. It does not detail what vulnerability was exploited to actually install the Trojan. But it’s still a good idea to make sure your current processes are not infected.
So we went ahead and created a check that can detect Linux.Fokirtor, based on the information provided by Hetzner and Symantec.