SecureDeveloper.com - Linux under attack: Compromised SSH keys lead to rootkit
Code is COMBAT !
 
 Friday, August 29, 2008

ZDNet reports:

 

Compromised SSH keys lead to rootkit

The U.S. Computer Emergency Readiness Team (CERT) has issued a warning for what it calls “active attacks” against Linux-based computing infrastructures using compromised SSH keys.

The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as “phalanx2” is installed, US-CERT said in a note on its current activity site.

From the advisory:

        • Phalanx2 appears to be a derivative of an older rootkit named “phalanx”. Phalanx2 and the support scripts within the rootkit are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site.

[ Read the article on ZDNet ]

Friday, August 29, 2008 11:59:29 AM (GMT Standard Time, UTC+00:00)
Copyright © 2010 Joe Stagner. All rights reserved.