http://blogs.cisco.com/security/mass-compromise-of-the-obsolete/
and:
All Redhat/CentOS versions plus nearly 100% of linux-based routers run 2.6
Since the article is extremely uninformative..
Q: How do I know that I'm vulnerable or not? ex.: If I have an OpenWRT router, or Redhat 5?
As far as I can tell, there isn't enough public information to know which systems are vulnerable. The Cisco blog you linked to appears to be the primary source for this news (other sites have since picked it up, but add nothing), and it does have any concrete information on the infection vector.
The Cisco blog now includes the following edit (emphasis mine):
The observation of affected hosts running Linux kernel 2.6 is anecdotal and in no way reflects a universal condition among all of the compromised websites. Accordingly, we have adjusted the title for clarity. We have not identified the initial exploit vector for the stage zero URIs. It was not our intention to conflate our anecdotal observations with the technical facts provided in the listed URIs or other demonstrable data, and the below strike through annotations reflect that. We also want to thank the community for the timely feedback.
the article is ... well ... i wouldnt buy anything from a company with such a low level of knowlegde.
How do I know that I'm vulnerable or not?
answer in the blog: "We haven’t identified the initial attack vector. "
my guess:
again:
How do I know that I'm vulnerable or not?
let someone with some more understanding judge about this; i dont know what you mean by "ex.: If I have an OpenWRT router, or Redhat 5?"
