ELF/SShPass.F910!tr

Analysis

ELF/SShPass.F910!tr is a detection for an ELF trojan. Below are some of its observed characteristics/behaviours:

  • This detection is for a modified version of sshpass, a utility that avoids the user TTY functionality of the normal ssh utility. This utility can be used to compromise a given Linux system.

  • Below is an illustration of the difference between a normal sshpass from the normal repository and the modified version:

    • Figure 1: SShPass.



Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

  • FortiGate: Extreme
  • FortiClient: Extended
  • FortiMail: Extended
  • FortiSandbox: Extended
  • FortiWeb: Extended
  • Web Application Firewall: Extended
  • FortiIsolator: Extended
  • FortiDeceptor: Extended
  • FortiEDR

Version Updates

Date        Version   Detail
2020-04-14  76.70200  Sig Updated
2020-02-10  75.17000  Sig Added