matunga

join:2003-07-26


1 edit
 Linux under attack: Compromised SSH keys lead to rootkit

The U.S. Computer Emergency Readiness Team (CERT) has issued a warning for what it calls “active attacks” against Linux-based computing infrastructures using compromised SSH keys.

The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as “phalanx2” is installed, US-CERT said in a note on its current activity site.

Phalanx2 appears to be a derivative of an older rootkit named “phalanx”. Phalanx2 and the support scripts within the rootkit are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site.

Phalanx, which dates back to 2005, is a self-injecting kernel rootkit designed for the Linux 2.6 branch. It allows an attacker to hide files, processes and sockets and includes a tty sniffer, a tty connectback-backdoor, and auto injection on boot.

»blogs.zdnet.com/security/?p=1803

SUMware
Premium
join:2002-05-21

»SSH Key-based Attacks
»Red Hat critical security advisory - OpenSSH update issued

Try reading the thread titles before dupe posting.