This script uses the tool from ESET to check the RAM of a linux system for the Linux/Cdorked.A malware. It uses the tool as of April 2013. As of this date the malware had only been known about for a month with research still ongoing. For this reason there may be a later version of the tool available.
I found the tool on the ESET page describing the Linux/Cdorked.A malware so that would likely be the best place to check for updates, if there are any.
How to run it
If you are here, you can probably tell that the below script does nothing harmful so run one of the following commands at terminal to execute it in a single command:
curl https://gist.github.com/penguinpowernz/5731076/raw/9f49d592f9281ad2e212f05dfec076985d4d8e42/cdorked_detect.sh | sh
wget https://gist.github.com/penguinpowernz/5731076/raw/9f49d592f9281ad2e212f05dfec076985d4d8e42/cdorked_detect.sh --no-check-certificate -O - | sh
If you are good you will see this printed out:
No shared memory matching Cdorked signature was found. To further verify your server, run "ipcs -m -p" and look for a memory segments created by your http server.
For more information please see the ESETs We Live Security blog post at http://www.welivesecurity.com/2013/05/07/linuxcdorked-malware-lighttpd-and-nginx-web-servers-also-affected/