Blog Home  Home Feed your aggregator (RSS 2.0)  
SecureDeveloper.com - Linux under attack: Compromised SSH keys lead to rootkit
Code is COMBAT !
 
Archive
<September 2010>
SunMonTueWedThuFriSat
2930311234
567891011
12131415161718
19202122232425
262728293012
3456789
Navigation
Home
Links
Users
JoeStagner23
Total Posts23
Comments34
Categories
 
 
Blogroll
 Misfit Geek
Contact
Send mail to the author(s) Email Me

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

Sign In
 Friday, August 29, 2008
Linux under attack: Compromised SSH keys lead to rootkit by JoeStagner

ZDNEt Reports .....

 

Compromised SSH keys leads to rootkitThe U.S. Computer Emergency Readiness Team (CERT) has issued a warning for what it calls “active attacks” against Linux-based computing infrastructures using compromised SSH keys.

The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as “phalanx2″ is installed, US-CERT said in a note on its current activity site.

From the advisory:

        • Phalanx2 appears to be a derivative of an older rootkit named “phalanx”. Phalanx2 and the support scripts within the rootkit, are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site.

[ Read the article on ZDNet ]

Friday, August 29, 2008 11:59:29 AM (GMT Standard Time, UTC+00:00)  #    Comments [0]    |  Trackback
All comments require the approval of the site owner before being displayed.
Name
E-mail
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):
Live Comment Preview
Copyright © 2010 Joe Stagner. All rights reserved.