I was just browsing my server and found a suspicious file in one of the directories. It's a .sh file, and after researching it, I understand that it's the Linux equivalent of a Windows batch file.
That's good to learn... but I didn't put it there. And I have only located one instance of it. Here's the code:
```bash
#!/bin/bash
#(filename).jpg
for file in $(find . -name '*_?_*.jpg' -print)
do
newfile=$(echo $file | sed 's/_\(.\)_/_0\1_/')
mv $file $newfile
done
```
The `(filename)` is my replacement for the filename in this script.
What I want to know, in order to learn from this, is if this was a malicious file and what it looks like its purpose may have been?
Again, I did not place this file there, I don't routinely access my server through SSH, so this raised some concern. Any help would be genuinely appreciated. Thanks!
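What the posted loop does to file names, as an added example that is not part of the original post: it reuses the script's own `find` pattern and `sed` expression but only prints the planned renames instead of calling `mv`. The sample file names and the helpers `preview_rename`, `dry_run` and `demo` are constructed for illustration.

```shell
#!/bin/bash
# Added example: dry-run analysis of the rename logic. Nothing is moved.

# Same sed expression as the script in the post: the first "_X_"
# (X = any single character) in the string becomes "_0X_".
preview_rename() {
    printf '%s\n' "$1" | sed 's/_\(.\)_/_0\1_/'
}

# Walk a directory with the script's own find pattern and print what the
# script WOULD rename, without touching any file.
dry_run() {
    local dir=$1
    ( cd "$dir" || exit 1
      find . -name '*_?_*.jpg' -print | sort | while IFS= read -r f; do
          printf '%s -> %s\n' "$f" "$(preview_rename "$f")"
      done )
}

# Constructed sample tree (hypothetical names) in a throwaway directory.
demo() {
    local tmp
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/set_1_x"
    # img_12_a.jpg has no single character between underscores, so the
    # find pattern skips it.
    touch "$tmp/img_3_a.jpg" "$tmp/img_12_a.jpg" "$tmp/set_1_x/pic_2_y.jpg"
    dry_run "$tmp"
    rm -rf "$tmp"
}

demo
```

The second line of output shows an edge case: `find -name` matches on the base name, but `sed` rewrites the first match anywhere in the path, so here the directory component changes and the original `mv` would fail for that file.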