Trend Micro Detection and Protection
The following detections and proactive protections are available for Trend Micro customers to protection against known malicious exploits assoicated with this backdoor:Trend Micro Malware Detection Patterns (VSAPI, Predictive Learning, Behavioral Monitoring) for Endpoint, Servers (e.g. Apex One, Worry-Free Business Security Services, Worry-Free Business Security Standard/Advanced, Deep Security w/Anti-malware, etc.), Mail & Gateway (e.g. Cloud App Security, ScanMail for Exchange, IMSVA)
Customers using Trend Micro SmartScan Cloud pattens detect and protect against components of exploits associated with this backdoor as Trojan.Linux.CVE20243094.A starting in version 21474.483.46.
Trend Micro Artifact Scanner (TMAS) for Trend Micro Cloud One - Container Security
Trend Micro also has an artifact scanner for Trend Micro Cloud One Container Security customers that can be used
by enabling the rule to allow you to scan containers for this vulnerability before putting the container into production.
Rule ID: TM-00000096 - Vulnerable liblzma loaded into sshd
(Additional information on how to use this utility can be found here)
Trend Micro will continue to monitor this particular issue and will update the article with more information as it becomes available.