TEA – Ssh-Client Worm

From kitploit.com

How it works?
This is a fakessh-client that manipulates the tty input/output to execute arbitrary commands and upload itself through the ssh connection.
To work properly, the remote machine needs:

  • display the “Last login” message when login.
  • dd and stty
  • target user using bash as default shell.
  • capability to run the fakessh binary.
  • writable ~/.bashrc

Read more…