▻http://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-crede
« Today, we are publishing the results of significant amounts of research effort in a report titled “Operation Windigo – The vivisection of a large Linux server-side credential stealing malware campaign”. This report details our analysis of a set of malicious programs that are used together to infect servers and desktop computers. »